Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

CWE-610: Externally Controlled Reference to a Resource in Another Sphere | Mondoo Vulnerability Intelligence

CWE-610

ClassDraft

View on MITRE

Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

62 linked vulnerabilities

1 related weaknesses

Confidentiality

Integrity

Read Application Data

Modify Application Data

An adversary could read or modify data, depending on how the resource is intended to be used.

Access Control

Gain Privileges or Assume Identity

An adversary that can supply a reference to an unintended resource can potentially access a resource that they do not have privileges for, thus bypassing existing access control mechanisms.

Modes of Introduction

Architecture and Design

Related Weaknesses

CWE-664ChildOf

Example CVEs (6)

CVE-2022-3032

An email client does not block loading of remote objects in a nested document.

CVE-2022-45918

Chain: a learning management tool debugger uses external input to locate previous session logs (CWE-73) and does not properly validate the given path (CWE-20), allowing for filesystem path traversal using "../" sequences (CWE-24)

CVE-2018-1000613

Cryptography API uses unsafe reflection when deserializing a private key

CVE-2020-11053

Chain: Go-based Oauth2 reverse proxy can send the authenticated user to another site at the end of the authentication flow. A redirect URL with HTML-encoded whitespace characters can bypass the validation (CWE-1289) to redirect to a malicious site (CWE-601)

CVE-2022-42745

Recruiter software allows reading arbitrary files using XXE

External Links

MITRE CWE Database