CWE-672 81 個 CVE MITRE 定義 ↗

CWE-672:Operation on a Resource after Expiration or Release

概覽

CWE-672(Operation on a Resource after Expiration or Release)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Mobile Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-58291 2026-07-03 Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
CVE-2026-56314 2026-06-22 Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bu…
CVE-2026-2379 2026-06-05 On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain ag…
CVE-2026-33463 2026-05-28 Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bo…
CVE-2026-42791 2026-05-27 Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP res…
CVE-2026-33278 2026-05-20 NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a…
CVE-2026-32244 2026-05-18 Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivi…
CVE-2026-4053 2026-05-15 Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, an…
CVE-2026-45005 2026-05-11 OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook ro…
CVE-2013-10075 2026-05-08 Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exi…
CVE-2026-43585 2026-05-06 OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resol…
CVE-2026-1629 2026-03-16 Mattermost versions 10.11.x <= 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previous…
CVE-2026-31875 2026-03-11 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.7 and 8.6.33, when multi-factor authentication (MFA) via TOTP is enabled fo…
CVE-2026-30978 2026-03-10 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-use-after-free in CIccCmm::AddXform() causing invalid vptr dereference an…
CVE-2026-23111 2026-02-13 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted elemen…
CVE-2026-1237 2026-01-28 Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is i…
CVE-2025-69415 2026-01-02 In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account.
CVE-2025-58149 2025-10-31 When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory…
CVE-2025-55669 2025-10-15 When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to term…
CVE-2025-10060 2025-09-05 MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be …

曾用名

  • Use of a Resource after Expiration or Release (2010-02-16)

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2008-04-11
版本
Draft 9

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships
2010-02-16 CWE Content Team 1.8 updated Demonstrative_Examples, Description, Name, Relationships
2010-09-27 CWE Content Team 1.10 updated Observed_Examples, Relationships
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Common_Consequences, Demonstrative_Examples, Relationships
2013-02-21 CWE Content Team 2.4 updated Relationships
2014-02-18 CWE Content Team 2.6 updated Applicable_Platforms
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Demonstrative_Examples, Taxonomy_Mappings
2019-01-03 CWE Content Team 3.2 updated References, Relationships, Taxonomy_Mappings
2019-06-20 CWE Content Team 3.3 updated Relationships, Type
2020-02-24 CWE Content Team 4.0 updated Applicable_Platforms, Relationships
2020-08-20 CWE Content Team 4.2 updated Relationships
2020-12-10 CWE Content Team 4.3 updated Relationships
2021-10-28 CWE Content Team 4.6 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Observed_Examples
2025-12-11 CWE Content Team 4.19 updated Detection_Factors, Weakness_Ordinalities
cvelogic Threat Intelligence