CWE-6687 advisories

Exposure of Resource to Wrong Sphere

What it is

A resource is made available to an actor or sphere that should not have access to it.

How to fix it

Upgrade and restrict the resource to the intended sphere.

How to avoid it

Scope resources to the narrowest sphere and validate the access boundary.

Known Exposure of Resource to Wrong Sphere vulnerabilities

WEB3-WAZIRX-2024 — critical · Web3 · CEX/WazirX
AI-SAPWNED-2024 — critical · SAP AI Core/SAP AI Core · exploited
CVE-2024-21626 — high · Container/runc (OCI container runtime)
APPSEC-SHADOW-API — high · API/Improper inventory management (shadow/zombie APIs)
CLOUD-CHAOSDB-2021 — critical · Cloud · Azure/Azure Cosmos DB
K8S-EXPOSED-ETCD — critical · Kubernetes/etcd (Kubernetes control-plane key-value store, ports 2379/2380)
OPSEC-TARGET-2013 — critical · Retail · POS/Target

Stateward flags Exposure of Resource to Wrong Sphere in your own code and dependencies on every pull request.

Scan my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.