Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1917 vulnerabilities reference this CWE, most recent first.

GHSA-8CW5-3V42-MC6R

Vulnerability from github – Published: 2026-05-14 12:30 – Updated: 2026-05-14 12:30
VLAI
Details

Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to the database. In order to exploit this vulnerability, the client application has to be already configured, but a user does not have to be logged in.  This issue has been fixed in version 2026.4

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-68420"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-14T11:16:16Z",
    "severity": "HIGH"
  },
  "details": "Comarch\u00a0ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it\u0027s memory, extract credentials and use them to gain a privileged access to the database. In order to exploit this vulnerability, the client application has to be already configured, but a user does not have to be logged in.\u00a0\nThis issue has been fixed in version 2026.4",
  "id": "GHSA-8cw5-3v42-mc6r",
  "modified": "2026-05-14T12:30:27Z",
  "published": "2026-05-14T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68420"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/posts/2026/05/CVE-2025-68420"
    },
    {
      "type": "WEB",
      "url": "https://www.comarch.pl/erp/comarch-optima"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8FH2-HM78-4FRG

Vulnerability from github – Published: 2026-03-22 15:31 – Updated: 2026-03-22 15:31
VLAI
Details

A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-4548"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-22T14:16:34Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely.",
  "id": "GHSA-8fh2-hm78-4frg",
  "modified": "2026-03-22T15:31:28Z",
  "published": "2026-03-22T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4548"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.352375"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.352375"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.774805"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8FJ5-GQ7X-CFM8

Vulnerability from github – Published: 2025-04-04 18:31 – Updated: 2025-04-04 18:31
VLAI
Details

A vulnerability was found in xujiangfei admintwo 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/updateSet. The manipulation of the argument email leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-3256"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-04T17:15:47Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in xujiangfei admintwo 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/updateSet. The manipulation of the argument email leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-8fj5-gq7x-cfm8",
  "modified": "2025-04-04T18:31:07Z",
  "published": "2025-04-04T18:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3256"
    },
    {
      "type": "WEB",
      "url": "https://github.com/caigo8/CVE-md/blob/main/admintwo/%E6%B0%B4%E5%B9%B3%E8%B6%8A%E6%9D%83.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.303326"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.303326"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.549009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8GFP-PQPJ-77H9

Vulnerability from github – Published: 2025-09-23 00:32 – Updated: 2025-09-23 00:32
VLAI
Details

A security vulnerability has been detected in fuyang_lipengjun platform 1.0. This issue affects the function UserCouponController of the file /usercoupon/queryAll. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10819"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-22T23:15:35Z",
    "severity": "MODERATE"
  },
  "details": "A security vulnerability has been detected in fuyang_lipengjun platform 1.0. This issue affects the function UserCouponController of the file /usercoupon/queryAll. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.",
  "id": "GHSA-8gfp-pqpj-77h9",
  "modified": "2025-09-23T00:32:03Z",
  "published": "2025-09-23T00:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10819"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.325176"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.325176"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.653740"
    },
    {
      "type": "WEB",
      "url": "https://www.cnblogs.com/aibot/p/19063466"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8GX4-V2GF-W2CR

Vulnerability from github – Published: 2026-04-10 03:31 – Updated: 2026-04-10 03:31
VLAI
Details

A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5999"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-10T03:16:04Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release.",
  "id": "GHSA-8gx4-v2gf-w2cr",
  "modified": "2026-04-10T03:31:10Z",
  "published": "2026-04-10T03:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5999"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jeecgboot/JeecgBoot/issues/9508"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jeecgboot/JeecgBoot/issues/9508#issuecomment-4199090102"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jeecgboot/JeecgBoot"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/793656"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/356553"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/356553/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8H7M-CR8F-H7X7

Vulnerability from github – Published: 2025-05-13 12:31 – Updated: 2025-05-13 12:31
VLAI
Details

A vulnerability has been identified in Mendix OIDC SSO (Mendix 10 compatible) (All versions < V4.0.0), Mendix OIDC SSO (Mendix 9 compatible) (All versions). The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-40571"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T10:15:26Z",
    "severity": "LOW"
  },
  "details": "A vulnerability has been identified in Mendix OIDC SSO (Mendix 10 compatible) (All versions \u003c V4.0.0), Mendix OIDC SSO (Mendix 9 compatible) (All versions). The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development.",
  "id": "GHSA-8h7m-cr8f-h7x7",
  "modified": "2025-05-13T12:31:36Z",
  "published": "2025-05-13T12:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40571"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-726617.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8HCX-P7M8-GC28

Vulnerability from github – Published: 2026-05-28 06:31 – Updated: 2026-07-01 21:20
VLAI
Summary
Duplicate Advisory: Keycloak has privilege escalation via improper scope mapping enforcement
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-32h4-44jj-c5vx. This link is maintained to preserve external references.

Original Description

A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security controls, allowing the injected role to be projected into a user's authentication token when they access the modified client. This could lead to unauthorized privilege escalation within the Keycloak realm.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-01T21:20:02Z",
    "nvd_published_at": "2026-05-28T05:16:41Z",
    "severity": "HIGH"
  },
  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-32h4-44jj-c5vx. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in Keycloak\u0027s Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client\u0027s scope mapping. This bypasses intended security controls, allowing the injected role to be projected into a user\u0027s authentication token when they access the modified client. This could lead to unauthorized privilege escalation within the Keycloak realm.",
  "id": "GHSA-8hcx-p7m8-gc28",
  "modified": "2026-07-01T21:20:03Z",
  "published": "2026-05-28T06:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9795"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30049"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30050"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30083"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30084"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-9795"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482462"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9795.json"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: Keycloak has privilege escalation via improper scope mapping enforcement",
  "withdrawn": "2026-07-01T21:20:02Z"
}

GHSA-8JRC-FQXP-MFRG

Vulnerability from github – Published: 2025-08-20 09:30 – Updated: 2026-04-01 18:35
VLAI
Details

Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify allows Privilege Escalation. This issue affects Bookify: from n/a through 1.0.9.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48142"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-20T08:15:30Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify allows Privilege Escalation. This issue affects Bookify: from n/a through 1.0.9.",
  "id": "GHSA-8jrc-fqxp-mfrg",
  "modified": "2026-04-01T18:35:53Z",
  "published": "2025-08-20T09:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48142"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/bookify/vulnerability/wordpress-bookify-1-0-9-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8JVQ-CJ68-W363

Vulnerability from github – Published: 2025-01-16 21:31 – Updated: 2026-04-01 18:33
VLAI
Details

Incorrect Privilege Assignment vulnerability in Wouter Dijkstra DD Roles allows Privilege Escalation.This issue affects DD Roles: from n/a through 4.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23528"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-16T20:15:38Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Privilege Assignment vulnerability in Wouter Dijkstra DD Roles allows Privilege Escalation.This issue affects DD Roles: from n/a through 4.1.",
  "id": "GHSA-8jvq-cj68-w363",
  "modified": "2026-04-01T18:33:11Z",
  "published": "2025-01-16T21:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23528"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/dd-roles/vulnerability/wordpress-dd-roles-plugin-4-1-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8M7W-VWCH-MW57

Vulnerability from github – Published: 2026-03-08 00:31 – Updated: 2026-03-08 00:31
VLAI
Details

A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3674"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-07T22:15:50Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-8m7w-vwch-mw57",
  "modified": "2026-03-08T00:31:46Z",
  "published": "2026-03-08T00:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3674"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Lytes/571902a31a3d543da009554a82f2d00c"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.349570"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.349570"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.764700"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.