CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5455 vulnerabilities reference this CWE, most recent first.
GHSA-C85P-CP3C-GC6C
Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2023-12-31 21:30An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka 'Windows iSCSI Target Service Elevation of Privilege Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2020-16980"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-16T23:15:00Z",
"severity": "HIGH"
},
"details": "An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka \u0027Windows iSCSI Target Service Elevation of Privilege Vulnerability\u0027.",
"id": "GHSA-c85p-cp3c-gc6c",
"modified": "2023-12-31T21:30:24Z",
"published": "2022-05-24T17:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16980"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16980"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C85R-FWC7-45VC
Vulnerability from github – Published: 2024-02-08 18:43 – Updated: 2025-05-23 19:52Impact
A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project. This includes reading or updating a namespace in the project so that it is available in other projects in which the user has the "manage-namespaces" permission or updating another namespace in which the user has normal "update" permissions to be moved into the project.
The expected behavior is to not be able to create, update, or delete a namespace in the project or move another namespace into the project since the user doesn't have any permissions on namespaces in the core API group.
Moving a namespace to another project could lead to leakage of secrets, in case the targeted project has secrets. And also can lead to the namespace being able to abuse the resource quotas of the targeted project.
Patches
Patched versions include releases 2.6.14, 2.7.10 and 2.8.2.
Workarounds
There is no direct mitigation besides updating Rancher to a patched version.
References
If you have any questions or comments about this advisory:
- Reach out to the SUSE Rancher Security team for security-related inquiries.
- Open an issue in the Rancher repository.
- Verify with our support matrix and product support lifecycle.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-32194"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-08T18:43:28Z",
"nvd_published_at": "2024-10-16T13:15:12Z",
"severity": "HIGH"
},
"details": "### Impact\nA vulnerability has been identified when granting a `create` or `*` **global role** for a resource type of \"namespaces\"; no matter the API group, the subject will receive `*` permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project. This includes reading or updating a namespace in the project so that it is available in other projects in which the user has the \"manage-namespaces\" permission or updating another namespace in which the user has normal \"update\" permissions to be moved into the project.\n\nThe expected behavior is to not be able to create, update, or delete a namespace in the project or move another namespace into the project since the user doesn\u0027t have any permissions on namespaces in the core API group.\n\nMoving a namespace to another project could lead to leakage of secrets, in case the targeted project has secrets. And also can lead to the namespace being able to abuse the resource quotas of the targeted project.\n\n### Patches\nPatched versions include releases `2.6.14`, `2.7.10` and `2.8.2`.\n\n### Workarounds\nThere is no direct mitigation besides updating Rancher to a patched version.\n\n### References\nIf you have any questions or comments about this advisory:\n\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security-related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n- Verify with our [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).",
"id": "GHSA-c85r-fwc7-45vc",
"modified": "2025-05-23T19:52:22Z",
"published": "2024-02-08T18:43:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-c85r-fwc7-45vc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32194"
},
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/commit/2f7113dc32d4f1f5375a1ae09b65be58f6801a15"
},
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/commit/649fdad268d8ecc748e9fdcca2ddcfdc900f9eaa"
},
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/commit/d4a0ff5e779e3cc5f14d77ce57620e1326ab1c22"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32194"
},
{
"type": "PACKAGE",
"url": "https://github.com/rancher/rancher"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Rancher permissions on \u0027namespaces\u0027 in any API group grants \u0027edit\u0027 permissions on namespaces in \u0027core\u0027"
}
GHSA-C86V-XR5G-XJHX
Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-29976"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T17:15:58Z",
"severity": "HIGH"
},
"details": "Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-c86v-xr5g-xjhx",
"modified": "2025-05-13T18:30:55Z",
"published": "2025-05-13T18:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29976"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29976"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C8FQ-442R-8X7H
Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2022-07-13 00:00In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-167403112
{
"affected": [],
"aliases": [
"CVE-2021-0434"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-15T19:15:00Z",
"severity": "HIGH"
},
"details": "In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-167403112",
"id": "GHSA-c8fq-442r-8x7h",
"modified": "2022-07-13T00:00:58Z",
"published": "2021-12-16T00:01:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0434"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2021-11-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C8GV-H2P7-9J69
Vulnerability from github – Published: 2023-02-23 06:30 – Updated: 2025-03-12 15:31ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter.
{
"affected": [],
"aliases": [
"CVE-2022-48341"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-23T06:15:00Z",
"severity": "HIGH"
},
"details": "ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter.",
"id": "GHSA-c8gv-h2p7-9j69",
"modified": "2025-03-12T15:31:48Z",
"published": "2023-02-23T06:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48341"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238543"
},
{
"type": "WEB",
"url": "https://thingsboard.io/docs/reference/releases"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C8R9-3PM5-M364
Vulnerability from github – Published: 2023-12-29 06:30 – Updated: 2023-12-29 06:30Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.
{
"affected": [],
"aliases": [
"CVE-2023-51430"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T04:15:09Z",
"severity": "MODERATE"
},
"details": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.\n\n\n",
"id": "GHSA-c8r9-3pm5-m364",
"modified": "2023-12-29T06:30:29Z",
"published": "2023-12-29T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51430"
},
{
"type": "WEB",
"url": "https://www.hihonor.com/global/security/cve-2023-51430"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C8RM-MQ29-8V2M
Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2022-05-24 17:19An elevation of privilege vulnerability exists in the way that the Windows Bluetooth Service handles objects in memory, aka 'Windows Bluetooth Service Elevation of Privilege Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2020-1280"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-09T20:15:00Z",
"severity": "MODERATE"
},
"details": "An elevation of privilege vulnerability exists in the way that the Windows Bluetooth Service handles objects in memory, aka \u0027Windows Bluetooth Service Elevation of Privilege Vulnerability\u0027.",
"id": "GHSA-c8rm-mq29-8v2m",
"modified": "2022-05-24T17:19:56Z",
"published": "2022-05-24T17:19:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1280"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1280"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-C8VM-QJ77-29CQ
Vulnerability from github – Published: 2023-09-15 06:30 – Updated: 2024-04-04 07:42An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2023-36657"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-15T06:15:07Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.",
"id": "GHSA-c8vm-qj77-29cq",
"modified": "2024-04-04T07:42:01Z",
"published": "2023-09-15T06:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36657"
},
{
"type": "WEB",
"url": "https://docs.opswat.com/mdkiosk"
},
{
"type": "WEB",
"url": "https://docs.opswat.com/mdkiosk/release-notes/cve-2023-36657"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C8WJ-4P37-JWXF
Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2025-04-20 03:50In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.
{
"affected": [],
"aliases": [
"CVE-2017-5254"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-20T22:29:00Z",
"severity": "HIGH"
},
"details": "In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users \u0027installer\u0027 and \u0027home\u0027 have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.",
"id": "GHSA-c8wj-4p37-jwxf",
"modified": "2025-04-20T03:50:21Z",
"published": "2022-05-13T01:36:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5254"
},
{
"type": "WEB",
"url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C924-XXQF-59V3
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-10-26 12:00Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leverage this scenario to access the list of event participants.
{
"affected": [],
"aliases": [
"CVE-2021-28579"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-28T15:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with \u0027Learner\u0027 permissions can leverage this scenario to access the list of event participants.",
"id": "GHSA-c924-xxqf-59v3",
"modified": "2022-10-26T12:00:31Z",
"published": "2022-05-24T19:06:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28579"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/connect/apsb21-36.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.