CWE-412 5 个 CVE MITRE 定义 ↗

CWE-412:Unrestricted Externally Accessible Lock

概览

CWE-412(Unrestricted Externally Accessible Lock)描述一种在漏洞数据库与安全评估中使用的弱点类型;定义、背景与映射 CVE 见下方各节。

安全影响
安全影响:因产品与场景而异;请结合 CVE 记录、严重度评分与 MITRE 说明进行优先级判断。

描述

The product properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control.

适用平台

类型 名称 普遍性 OS / CPE
language Not Language-Specific Undetermined

本库相关 CVE

下列 CVE 在本库中映射到该弱点,并保留以便追溯与检索。

CVE 公开时间 摘要
CVE-2026-25612 2026-02-10 The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this rep…
CVE-2023-38505 2023-07-27 DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS m…
CVE-2023-22318 2023-05-15 Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5.
CVE-2019-11485 2020-02-08 Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
CVE-2019-18269 2019-12-16 Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.

曾用名

  • Unrestricted Critical Resource Lock (2008-04-11)
  • Unrestricted Lock on Critical Resource (2009-07-27)

内容提交

名称
PLOVER
日期
2006-07-19
版本
Draft 3

内容修订

日期 名称 版本 重要性 评论
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-08-01 1.0 added/updated white box definitions
2008-08-15 1.0 Suggested OWASP Top Ten 2004 mapping
2008-09-08 CWE Content Team 1.0 updated Common_Consequences, Description, Detection_Factors, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings
2008-10-14 CWE Content Team 1.0.1 updated Description
2009-07-17 KDM Analytics 1.5 Critical Suggested a better name and the minimal relationship with resources regardless of their criticality.
2009-07-17 KDM Analytics 1.5 Added a White_Box_Definition and clarified the consequences.
2009-07-27 CWE Content Team 1.5 updated Common_Consequences, Description, Name, Potential_Mitigations, White_Box_Definitions
2011-03-29 CWE Content Team 1.12 updated Demonstrative_Examples
2011-06-01 CWE Content Team 1.13 updated Common_Consequences, Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Demonstrative_Examples, Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Relationships, White_Box_Definitions
2019-01-03 CWE Content Team 3.2 updated Relationships, Taxonomy_Mappings
2020-02-24 CWE Content Team 4.0 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Weakness_Ordinalities

贡献

类型 名称 日期 评论
Feedback 2008-08-29 suggested clarification of description and observed examples, which were vague and inconsistent.
cvelogic Threat Intelligence