Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5455 vulnerabilities reference this CWE, most recent first.

GHSA-C85P-CP3C-GC6C

Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2023-12-31 21:30
VLAI
Details

An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka 'Windows iSCSI Target Service Elevation of Privilege Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16980"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-16T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka \u0027Windows iSCSI Target Service Elevation of Privilege Vulnerability\u0027.",
  "id": "GHSA-c85p-cp3c-gc6c",
  "modified": "2023-12-31T21:30:24Z",
  "published": "2022-05-24T17:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16980"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16980"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C85R-FWC7-45VC

Vulnerability from github – Published: 2024-02-08 18:43 – Updated: 2025-05-23 19:52
VLAI
Summary
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
Details

Impact

A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project. This includes reading or updating a namespace in the project so that it is available in other projects in which the user has the "manage-namespaces" permission or updating another namespace in which the user has normal "update" permissions to be moved into the project.

The expected behavior is to not be able to create, update, or delete a namespace in the project or move another namespace into the project since the user doesn't have any permissions on namespaces in the core API group.

Moving a namespace to another project could lead to leakage of secrets, in case the targeted project has secrets. And also can lead to the namespace being able to abuse the resource quotas of the targeted project.

Patches

Patched versions include releases 2.6.14, 2.7.10 and 2.8.2.

Workarounds

There is no direct mitigation besides updating Rancher to a patched version.

References

If you have any questions or comments about this advisory:

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-32194"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-08T18:43:28Z",
    "nvd_published_at": "2024-10-16T13:15:12Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nA vulnerability has been identified when granting a `create` or `*` **global role** for a resource type of \"namespaces\"; no matter the API group, the subject will receive `*` permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project. This includes reading or updating a namespace in the project so that it is available in other projects in which the user has the \"manage-namespaces\" permission or updating another namespace in which the user has normal \"update\" permissions to be moved into the project.\n\nThe expected behavior is to not be able to create, update, or delete a namespace in the project or move another namespace into the project since the user doesn\u0027t have any permissions on namespaces in the core API group.\n\nMoving a namespace to another project could lead to leakage of secrets, in case the targeted project has secrets. And also can lead to the namespace being able to abuse the resource quotas of the targeted project.\n\n### Patches\nPatched versions include releases `2.6.14`, `2.7.10` and `2.8.2`.\n\n### Workarounds\nThere is no direct mitigation besides updating Rancher to a patched version.\n\n### References\nIf you have any questions or comments about this advisory:\n\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security-related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n- Verify with our [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).",
  "id": "GHSA-c85r-fwc7-45vc",
  "modified": "2025-05-23T19:52:22Z",
  "published": "2024-02-08T18:43:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/security/advisories/GHSA-c85r-fwc7-45vc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32194"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/commit/2f7113dc32d4f1f5375a1ae09b65be58f6801a15"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/commit/649fdad268d8ecc748e9fdcca2ddcfdc900f9eaa"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/commit/d4a0ff5e779e3cc5f14d77ce57620e1326ab1c22"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32194"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rancher/rancher"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Rancher permissions on \u0027namespaces\u0027 in any API group grants \u0027edit\u0027 permissions on namespaces in \u0027core\u0027"
}

GHSA-C86V-XR5G-XJHX

Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30
VLAI
Details

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-29976"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T17:15:58Z",
    "severity": "HIGH"
  },
  "details": "Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-c86v-xr5g-xjhx",
  "modified": "2025-05-13T18:30:55Z",
  "published": "2025-05-13T18:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29976"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29976"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C8FQ-442R-8X7H

Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2022-07-13 00:00
VLAI
Details

In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-167403112

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0434"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-167403112",
  "id": "GHSA-c8fq-442r-8x7h",
  "modified": "2022-07-13T00:00:58Z",
  "published": "2021-12-16T00:01:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0434"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2021-11-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C8GV-H2P7-9J69

Vulnerability from github – Published: 2023-02-23 06:30 – Updated: 2025-03-12 15:31
VLAI
Details

ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48341"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-23T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter.",
  "id": "GHSA-c8gv-h2p7-9j69",
  "modified": "2025-03-12T15:31:48Z",
  "published": "2023-02-23T06:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48341"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238543"
    },
    {
      "type": "WEB",
      "url": "https://thingsboard.io/docs/reference/releases"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C8R9-3PM5-M364

Vulnerability from github – Published: 2023-12-29 06:30 – Updated: 2023-12-29 06:30
VLAI
Details

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-51430"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-29T04:15:09Z",
    "severity": "MODERATE"
  },
  "details": "\nSome Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.\n\n\n",
  "id": "GHSA-c8r9-3pm5-m364",
  "modified": "2023-12-29T06:30:29Z",
  "published": "2023-12-29T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51430"
    },
    {
      "type": "WEB",
      "url": "https://www.hihonor.com/global/security/cve-2023-51430"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C8RM-MQ29-8V2M

Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2022-05-24 17:19
VLAI
Details

An elevation of privilege vulnerability exists in the way that the Windows Bluetooth Service handles objects in memory, aka 'Windows Bluetooth Service Elevation of Privilege Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1280"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-09T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An elevation of privilege vulnerability exists in the way that the Windows Bluetooth Service handles objects in memory, aka \u0027Windows Bluetooth Service Elevation of Privilege Vulnerability\u0027.",
  "id": "GHSA-c8rm-mq29-8v2m",
  "modified": "2022-05-24T17:19:56Z",
  "published": "2022-05-24T17:19:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1280"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1280"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-C8VM-QJ77-29CQ

Vulnerability from github – Published: 2023-09-15 06:30 – Updated: 2024-04-04 07:42
VLAI
Details

An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-36657"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-15T06:15:07Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.",
  "id": "GHSA-c8vm-qj77-29cq",
  "modified": "2024-04-04T07:42:01Z",
  "published": "2023-09-15T06:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36657"
    },
    {
      "type": "WEB",
      "url": "https://docs.opswat.com/mdkiosk"
    },
    {
      "type": "WEB",
      "url": "https://docs.opswat.com/mdkiosk/release-notes/cve-2023-36657"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C8WJ-4P37-JWXF

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2025-04-20 03:50
VLAI
Details

In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5254"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-20T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users \u0027installer\u0027 and \u0027home\u0027 have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.",
  "id": "GHSA-c8wj-4p37-jwxf",
  "modified": "2025-04-20T03:50:21Z",
  "published": "2022-05-13T01:36:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5254"
    },
    {
      "type": "WEB",
      "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C924-XXQF-59V3

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-10-26 12:00
VLAI
Details

Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leverage this scenario to access the list of event participants.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28579"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-28T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with \u0027Learner\u0027 permissions can leverage this scenario to access the list of event participants.",
  "id": "GHSA-c924-xxqf-59v3",
  "modified": "2022-10-26T12:00:31Z",
  "published": "2022-05-24T19:06:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28579"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/connect/apsb21-36.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.