CWE-610Externally Controlled Reference to a Resource in Another Sphere

PUBLISHEDweakness record
released 2007-05-07 · last modified 2025-12-11

Metadata

CWE ID:
CWE-610
摘要:
Class
结构:
Simple
状态:
Draft
发布日期:
2007-05-07
更新日期:
2025-12-11

名称

Externally Controlled Reference to a Resource in Another Sphere

描述

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

常见后果

范围:
Confidentiality, Integrity
影响:
Read Application Data, Modify Application Data
注释:
An adversary could read or modify data, depending on how the resource is intended to be used.
范围:
Access Control
影响:
Gain Privileges or Assume Identity
注释:
An adversary that can supply a reference to an unintended resource can potentially access a resource that they do not have privileges for, thus bypassing existing access control mechanisms.

相关 CWE