CWE-610—Externally Controlled Reference to a Resource in Another Sphere
PUBLISHEDweakness record
released 2007-05-07 · last modified 2025-12-11
Metadata
- CWE ID:
- CWE-610
- 摘要:
- Class
- 结构:
- Simple
- 状态:
- Draft
- 发布日期:
- 2007-05-07
- 更新日期:
- 2025-12-11
名称
Externally Controlled Reference to a Resource in Another Sphere
描述
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
常见后果
- 范围:
- Confidentiality, Integrity
- 影响:
- Read Application Data, Modify Application Data
- 注释:
- An adversary could read or modify data, depending on how the resource is intended to be used.
- 范围:
- Access Control
- 影响:
- Gain Privileges or Assume Identity
- 注释:
- An adversary that can supply a reference to an unintended resource can potentially access a resource that they do not have privileges for, thus bypassing existing access control mechanisms.