CWE-306

What it is

Weakness class CWE-306 (MITRE Common Weakness Enumeration).

How to fix it

Upgrade the affected dependency to a patched version.

How to avoid it

Follow secure-coding guidance for this weakness class and keep dependencies current.

Known CWE-306 vulnerabilities

• CONTAINER-EXPOSED-DOCKER-API — critical · Container/Docker Engine remote API / daemon (ports 2375/2376) · exploited
• WEB3-PLAYDAPP-2024 — critical · Web3 · Ethereum/PlayDapp · exploited
• WEB3-EULER-2023 — critical · Web3 · Ethereum/Euler Finance · exploited
• APPSEC-OPTUS-2022 — critical · API · Telecom/Optus
• WEB3-HARMONY-HORIZON-2022 — critical · Web3 · Ethereum/Harmony Horizon Bridge
• CVE-2021-38647 — critical · Cloud · Azure/Azure Open Management Infrastructure (OMI) · exploited
• CLOUD-POWERAPPS-2021 — high · Cloud · Azure/Microsoft Power Apps portals
• APPSEC-EXPERIAN-API-2021 — high · API · Finance/Experian (Experian Connect API)
• CLOUD-KUBELET-HILDEGARD-2021 — high · Kubernetes/Kubernetes kubelet API
• APPSEC-FIRSTAM-2019 — critical · API · Finance/First American Financial Corp.
• K8S-EXPOSED-ETCD — critical · Kubernetes/etcd (Kubernetes control-plane key-value store, ports 2379/2380)
• INFRA-TESLA-K8S-2018 — high · Kubernetes/Kubernetes admin console (Tesla AWS environment)
• INFRA-MONGODB-2017 — critical · Database · MongoDB/MongoDB (internet-exposed instances)

Stateward flags CWE-306 in your own code and dependencies on every pull request.

Summarize with AI

ChatGPTClaudePerplexity