CWE-268
AllowedPrivilege Chaining
Abstraction: Base · Status: Draft
Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.
45 vulnerabilities reference this CWE, most recent first.
CVE-2025-0889 (GCVE-0-2025-0889)
Vulnerability from cvelistv5 – Published: 2025-02-26 01:41 – Updated: 2025-02-26 15:43| Vendor | Product | Version | |
|---|---|---|---|
| BeyondTrust | Privilege Management for Windows |
Affected:
0 , < 25.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:46:53.686658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T15:43:14.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Privilege Management for Windows",
"vendor": "BeyondTrust",
"versions": [
{
"lessThan": "25.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.\u0026nbsp;"
}
],
"value": "Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "CWE-268",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T01:41:25.407Z",
"orgId": "13061848-ea10-403d-bd75-c83a022c2891",
"shortName": "BT"
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-01"
}
],
"source": {
"advisory": "https://www.beyondtrust.com/trust-center/security-advisories/bt2",
"discovery": "UNKNOWN"
},
"title": "Privilege Management for Windows \u2013 Elevation of Privilege",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
"assignerShortName": "BT",
"cveId": "CVE-2025-0889",
"datePublished": "2025-02-26T01:41:25.407Z",
"dateReserved": "2025-01-30T17:52:42.202Z",
"dateUpdated": "2025-02-26T15:43:14.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47045 (GCVE-0-2024-47045)
Vulnerability from cvelistv5 – Published: 2024-09-26 03:33 – Updated: 2024-09-26 14:45- CWE-268 - Privilege chaining
| Vendor | Product | Version | |
|---|---|---|---|
| National Tax Agency | The installer of e-Tax software(common program) |
Affected:
All versions distributed on the NTA website before 2024 September 24
|
|
| e-tax.nta | e-tax |
Affected:
0 , < 3.0.18
(custom)
cpe:2.3:a:e-tax.nta:e-tax:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:e-tax.nta:e-tax:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-tax",
"vendor": "e-tax.nta",
"versions": [
{
"lessThan": "3.0.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:42:00.395236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T14:45:34.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "The installer of e-Tax software(common program)",
"vendor": "National Tax Agency",
"versions": [
{
"status": "affected",
"version": "All versions distributed on the NTA website before 2024 September 24"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges than the application privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "Privilege chaining",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T06:22:26.091Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.e-tax.nta.go.jp/topics/2024/topics_20240924_versionup.htm"
},
{
"url": "https://jvn.jp/en/jp/JVN57749899/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47045",
"datePublished": "2024-09-26T03:33:48.931Z",
"dateReserved": "2024-09-17T05:33:19.502Z",
"dateUpdated": "2024-09-26T14:45:34.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4877 (GCVE-0-2024-4877)
Vulnerability from cvelistv5 – Published: 2025-04-03 15:11 – Updated: 2025-04-04 13:25- CWE-268 - Privilege Chaining
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-4877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T13:23:24.817604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T13:25:17.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "OpenVPN",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.6.11",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "CWE-268 Privilege Chaining",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T15:11:51.057Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-4877"
},
{
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2024-4877",
"datePublished": "2025-04-03T15:11:51.057Z",
"dateReserved": "2024-05-14T17:31:57.913Z",
"dateUpdated": "2025-04-04T13:25:17.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1299 (GCVE-0-2024-1299)
Vulnerability from cvelistv5 – Published: 2024-03-07 00:39 – Updated: 2024-10-03 06:23- CWE-268 - Privilege Chaining
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/440745 | issue-trackingpermissions-required |
| https://hackerone.com/reports/2356976 | technical-descriptionexploitpermissions-required |
| https://about.gitlab.com/releases/2024/03/06/secu… |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T04:00:39.662499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T15:39:12.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:25.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #440745",
"tags": [
"issue-tracking",
"permissions-required",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/440745"
},
{
"name": "HackerOne Bug Bounty Report #2356976",
"tags": [
"technical-description",
"exploit",
"permissions-required",
"x_transferred"
],
"url": "https://hackerone.com/reports/2356976"
},
{
"tags": [
"x_transferred"
],
"url": "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.8.4",
"status": "affected",
"version": "16.8",
"versionType": "semver"
},
{
"lessThan": "16.9.2",
"status": "affected",
"version": "16.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "CWE-268: Privilege Chaining",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T06:23:18.349Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #440745",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/440745"
},
{
"name": "HackerOne Bug Bounty Report #2356976",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2356976"
},
{
"url": "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.8.4, 16.9.2 or above."
}
],
"title": "Privilege Chaining in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2024-1299",
"datePublished": "2024-03-07T00:39:45.501Z",
"dateReserved": "2024-02-07T06:02:37.306Z",
"dateUpdated": "2024-10-03T06:23:18.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1250 (GCVE-0-2024-1250)
Vulnerability from cvelistv5 – Published: 2024-02-12 20:47 – Updated: 2026-06-02 04:14- CWE-268 - Privilege Chaining
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/439175 | issue-tracking |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:25.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #439175",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/439175"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T01:11:42.842268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T20:54:41.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.8.2",
"status": "affected",
"version": "16.8",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability has been discovered internally by GitLab team member [Rohit Shambhuni](https://gitlab.com/rshambhuni)"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "CWE-268: Privilege Chaining",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T04:14:39.731Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #439175",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/439175"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.8.2 or above."
}
],
"title": "Privilege Chaining in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2024-1250",
"datePublished": "2024-02-12T20:47:44.401Z",
"dateReserved": "2024-02-06T07:02:25.333Z",
"dateUpdated": "2026-06-02T04:14:39.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-20194 (GCVE-0-2023-20194)
Vulnerability from cvelistv5 – Published: 2023-09-07 19:31 – Updated: 2024-10-23 19:41- CWE-268 - Privilege Chaining
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Affected:
2.6.0
Affected: 2.6.0 p1 Affected: 2.6.0 p2 Affected: 2.6.0 p3 Affected: 2.6.0 p5 Affected: 2.6.0 p6 Affected: 2.6.0 p7 Affected: 2.6.0 p8 Affected: 2.6.0 p9 Affected: 2.6.0 p10 Affected: 2.6.0 p11 Affected: 2.6.0 p12 Affected: 2.7.0 Affected: 2.7.0 p1 Affected: 2.7.0 p2 Affected: 2.7.0 p3 Affected: 2.7.0 p4 Affected: 2.7.0 p5 Affected: 2.7.0 p6 Affected: 2.7.0 p7 Affected: 2.7.0 p9 Affected: 3.0.0 Affected: 3.0.0 p1 Affected: 3.0.0 p2 Affected: 3.0.0 p3 Affected: 3.0.0 p4 Affected: 3.0.0 p5 Affected: 3.0.0 p6 Affected: 3.0.0 p7 Affected: 3.1.0 Affected: 3.1.0 p1 Affected: 3.1.0 p3 Affected: 3.1.0 p4 Affected: 3.1.0 p5 Affected: 3.1.0 p6 Affected: 3.1.0 p7 Affected: 3.2.0 Affected: 3.2.0 p1 Affected: 3.2.0 p2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ise-priv-esc-KJLp2Aw",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T05:00:49.021913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T19:41:43.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.6.0"
},
{
"status": "affected",
"version": "2.6.0 p1"
},
{
"status": "affected",
"version": "2.6.0 p2"
},
{
"status": "affected",
"version": "2.6.0 p3"
},
{
"status": "affected",
"version": "2.6.0 p5"
},
{
"status": "affected",
"version": "2.6.0 p6"
},
{
"status": "affected",
"version": "2.6.0 p7"
},
{
"status": "affected",
"version": "2.6.0 p8"
},
{
"status": "affected",
"version": "2.6.0 p9"
},
{
"status": "affected",
"version": "2.6.0 p10"
},
{
"status": "affected",
"version": "2.6.0 p11"
},
{
"status": "affected",
"version": "2.6.0 p12"
},
{
"status": "affected",
"version": "2.7.0"
},
{
"status": "affected",
"version": "2.7.0 p1"
},
{
"status": "affected",
"version": "2.7.0 p2"
},
{
"status": "affected",
"version": "2.7.0 p3"
},
{
"status": "affected",
"version": "2.7.0 p4"
},
{
"status": "affected",
"version": "2.7.0 p5"
},
{
"status": "affected",
"version": "2.7.0 p6"
},
{
"status": "affected",
"version": "2.7.0 p7"
},
{
"status": "affected",
"version": "2.7.0 p9"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.0.0 p1"
},
{
"status": "affected",
"version": "3.0.0 p2"
},
{
"status": "affected",
"version": "3.0.0 p3"
},
{
"status": "affected",
"version": "3.0.0 p4"
},
{
"status": "affected",
"version": "3.0.0 p5"
},
{
"status": "affected",
"version": "3.0.0 p6"
},
{
"status": "affected",
"version": "3.0.0 p7"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p3"
},
{
"status": "affected",
"version": "3.1.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p5"
},
{
"status": "affected",
"version": "3.1.0 p6"
},
{
"status": "affected",
"version": "3.1.0 p7"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.2.0 p1"
},
{
"status": "affected",
"version": "3.2.0 p2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ERS API. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges beyond the sphere of their intended access level, which would allow them to obtain sensitive information from the underlying operating system. Note: The ERS is not enabled by default. To verify the status of the ERS API in the Admin GUI, choose Administration \u003e Settings \u003e API Settings \u003e API Service Settings."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "Privilege Chaining",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:54.347Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-priv-esc-KJLp2Aw",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw"
}
],
"source": {
"advisory": "cisco-sa-ise-priv-esc-KJLp2Aw",
"defects": [
"CSCwd93721"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20194",
"datePublished": "2023-09-07T19:31:49.966Z",
"dateReserved": "2022-10-27T18:47:50.365Z",
"dateUpdated": "2024-10-23T19:41:43.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5839 (GCVE-0-2023-5839)
Vulnerability from cvelistv5 – Published: 2023-10-29 00:00 – Updated: 2024-09-06 19:32- CWE-268 - Privilege Chaining
| Vendor | Product | Version | |
|---|---|---|---|
| hestiacp | hestiacp/hestiacp |
Affected:
unspecified , < 1.8.9
(custom)
|
|
| hestiacp | hestiacp |
Affected:
0 , < 1.8.9
(custom)
cpe:2.3:a:hestiacp:hestiacp:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/21125f12-64a0-42a3-b218-26b9945a5bc0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hestiacp/hestiacp/commit/acb766e1db53de70534524b3fbc2270689112630"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hestiacp:hestiacp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hestiacp",
"vendor": "hestiacp",
"versions": [
{
"lessThan": "1.8.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5839",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:28:28.994768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:32:01.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hestiacp/hestiacp",
"vendor": "hestiacp",
"versions": [
{
"lessThan": "1.8.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "CWE-268 Privilege Chaining",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-29T00:00:19.041Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.com/bounties/21125f12-64a0-42a3-b218-26b9945a5bc0"
},
{
"url": "https://github.com/hestiacp/hestiacp/commit/acb766e1db53de70534524b3fbc2270689112630"
}
],
"source": {
"advisory": "21125f12-64a0-42a3-b218-26b9945a5bc0",
"discovery": "EXTERNAL"
},
"title": "Privilege Chaining in hestiacp/hestiacp"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5839",
"datePublished": "2023-10-29T00:00:19.041Z",
"dateReserved": "2023-10-29T00:00:07.394Z",
"dateUpdated": "2024-09-06T19:32:01.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2250 (GCVE-0-2023-2250)
Vulnerability from cvelistv5 – Published: 2023-04-24 00:00 – Updated: 2025-02-04 16:30- CWE-268 - CWE-501
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/open-cluster-management-io/registration-operator/pull/344"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-2250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T16:29:56.423910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T16:30:30.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MCE",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "CWE-268,CWE-501",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://github.com/open-cluster-management-io/registration-operator/pull/344"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-2250",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-04-24T00:00:00.000Z",
"dateUpdated": "2025-02-04T16:30:30.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0971 (GCVE-0-2023-0971)
Vulnerability from cvelistv5 – Published: 2023-06-21 19:42 – Updated: 2024-12-06 18:27| Vendor | Product | Version | |
|---|---|---|---|
| Silicon Labs | Z/IP Gateway |
Unaffected:
7.18.03
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T18:27:16.647170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T18:27:23.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Z/IP Gateway",
"vendor": "Silicon Labs",
"versions": [
{
"status": "unaffected",
"version": "7.18.03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered."
}
],
"value": "A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
},
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "CWE-268 Privilege Chaining",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T16:16:19.119Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Authentication Bypass in Z/IP Gateway",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2023-0971",
"datePublished": "2023-06-21T19:42:25.906Z",
"dateReserved": "2023-02-22T20:49:08.780Z",
"dateUpdated": "2024-12-06T18:27:23.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0759 (GCVE-0-2023-0759)
Vulnerability from cvelistv5 – Published: 2023-02-09 00:00 – Updated: 2025-03-24 18:14- CWE-268 - Privilege Chaining
| Vendor | Product | Version | |
|---|---|---|---|
| cockpit-hq | cockpit-hq/cockpit |
Affected:
unspecified , < 2.3.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/49e2cccc-bb56-4633-ba6a-b3803e251347"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cockpit-hq/cockpit/commit/78d6ed3bf093ee11356ba66320c628c727068714"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0759",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T18:13:49.253299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:14:23.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cockpit-hq/cockpit",
"vendor": "cockpit-hq",
"versions": [
{
"lessThan": "2.3.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "CWE-268 Privilege Chaining",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-09T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/49e2cccc-bb56-4633-ba6a-b3803e251347"
},
{
"url": "https://github.com/cockpit-hq/cockpit/commit/78d6ed3bf093ee11356ba66320c628c727068714"
}
],
"source": {
"advisory": "49e2cccc-bb56-4633-ba6a-b3803e251347",
"discovery": "EXTERNAL"
},
"title": "Privilege Chaining in cockpit-hq/cockpit"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0759",
"datePublished": "2023-02-09T00:00:00.000Z",
"dateReserved": "2023-02-09T00:00:00.000Z",
"dateUpdated": "2025-03-24T18:14:23.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.