Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5455 vulnerabilities reference this CWE, most recent first.

GHSA-C9PV-GW7F-R9FM

Vulnerability from github – Published: 2026-07-18 09:32 – Updated: 2026-07-18 09:32
VLAI
Details

VMware Avi Load Balancer contains a local privilege escalation vulnerability. A malicious user with local access may be able to escalate their privileges to run code as root.

Affected versions: 32.1.1 (fixed in 32.1.2) 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3) 30.1.1 through 30.2.6 (fixed in 30.2.7) 22.1.1 through 22.1.7 (fixed in 30.2.7)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-47868"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-18T09:17:08Z",
    "severity": "HIGH"
  },
  "details": "VMware Avi Load Balancer contains a local privilege escalation vulnerability. A malicious user with local access may be able to escalate their privileges to run code as root.\n\nAffected versions:\n32.1.1 (fixed in 32.1.2)\n31.1.1 through 31.2.2 (fixed in 31.2.2-2p3)\n30.1.1 through 30.2.6 (fixed in 30.2.7)\n22.1.1 through 22.1.7 (fixed in 30.2.7)",
  "id": "GHSA-c9pv-gw7f-r9fm",
  "modified": "2026-07-18T09:32:18Z",
  "published": "2026-07-18T09:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47868"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37926"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C9V4-RXRM-VMC5

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12
VLAI
Details

Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30355"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-01T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root.",
  "id": "GHSA-c9v4-rxrm-vmc5",
  "modified": "2022-05-24T19:12:41Z",
  "published": "2022-05-24T19:12:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30355"
    },
    {
      "type": "WEB",
      "url": "https://research.checkpoint.com/2021/i-can-take-over-your-kindle"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-C9VM-R7MJ-WM49

Vulnerability from github – Published: 2025-02-22 03:30 – Updated: 2025-02-22 03:30
VLAI
Details

IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22341"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-22T01:15:10Z",
    "severity": "MODERATE"
  },
  "details": "IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management.",
  "id": "GHSA-c9vm-r7mj-wm49",
  "modified": "2025-02-22T03:30:37Z",
  "published": "2025-02-22T03:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22341"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7183851"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C9W5-QP6M-M395

Vulnerability from github – Published: 2026-05-28 18:30 – Updated: 2026-07-09 23:32
VLAI
Summary
Casdoor: GetTokenExchangeToken bypass through lack of cross-organization JWT signature check
Details

Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application. This can result in privilege escalation across organizational boundaries.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/casdoor/casdoor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.387.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-9094"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-09T23:32:36Z",
    "nvd_published_at": "2026-05-28T17:16:34Z",
    "severity": "CRITICAL"
  },
  "details": "Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does not verify that the token\u0027s user belongs to the same organization as the target application. This can result in privilege escalation across organizational boundaries.",
  "id": "GHSA-c9w5-qp6m-m395",
  "modified": "2026-07-09T23:32:36Z",
  "published": "2026-05-28T18:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9094"
    },
    {
      "type": "WEB",
      "url": "https://github.com/casdoor/casdoor/commit/d92b8568686d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/casdoor/casdoor"
    },
    {
      "type": "WEB",
      "url": "https://kb.cert.org/vuls/id/780781"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Casdoor: GetTokenExchangeToken bypass through lack of cross-organization JWT signature check"
}

GHSA-C9X9-XV66-XP3V

Vulnerability from github – Published: 2021-11-10 15:30 – Updated: 2021-11-08 18:54
VLAI
Summary
Improper privilege management in Keycloak
Details

A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "12.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-14389"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-916"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-08T18:54:51Z",
    "nvd_published_at": "2020-11-17T02:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission.",
  "id": "GHSA-c9x9-xv66-xp3v",
  "modified": "2021-11-08T18:54:51Z",
  "published": "2021-11-10T15:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14389"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/cve-2020-14389"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper privilege management in Keycloak"
}

GHSA-CC3M-W7MM-948M

Vulnerability from github – Published: 2025-04-07 18:30 – Updated: 2025-04-07 21:32
VLAI
Details

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-28400"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-07T16:15:24Z",
    "severity": "MODERATE"
  },
  "details": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method",
  "id": "GHSA-cc3m-w7mm-948m",
  "modified": "2025-04-07T21:32:07Z",
  "published": "2025-04-07T18:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28400"
    },
    {
      "type": "WEB",
      "url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28400.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yangzongzhuan/RuoYi"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CC65-VJ4F-XM35

Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2022-05-24 17:19
VLAI
Details

An elevation of privilege vulnerability exists when Windows Modules Installer Service improperly handles class object members.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Modules Installer Service Elevation of Privilege Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1254"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-09T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "An elevation of privilege vulnerability exists when Windows Modules Installer Service improperly handles class object members.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka \u0027Windows Modules Installer Service Elevation of Privilege Vulnerability\u0027.",
  "id": "GHSA-cc65-vj4f-xm35",
  "modified": "2022-05-24T17:19:53Z",
  "published": "2022-05-24T17:19:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1254"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1254"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CC75-W727-3JQW

Vulnerability from github – Published: 2021-12-14 00:00 – Updated: 2021-12-16 00:02
VLAI
Details

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege to a maintainer on projects they import

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39944"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-13T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege to a maintainer on projects they import",
  "id": "GHSA-cc75-w727-3jqw",
  "modified": "2021-12-16T00:02:44Z",
  "published": "2021-12-14T00:00:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39944"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1256017"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39944.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/336531"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CC94-45Q3-H8PP

Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2023-11-14 21:31
VLAI
Details

Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-693"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-14T19:15:24Z",
    "severity": "CRITICAL"
  },
  "details": "Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.",
  "id": "GHSA-cc94-45q3-h8pp",
  "modified": "2023-11-14T21:31:01Z",
  "published": "2023-11-14T21:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31273"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00902.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CCJC-3GWX-9M2Q

Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2024-04-04 01:43
VLAI
Details

An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit. The attacker must disconnect the computer from the local network / WAN and connect it to an internet facing access point / network. At that point, the attacker can execute the password-reset functionality, which will expose a web browser. Browsing to a site that calls local Windows system functions (e.g., file upload) will expose the local file system. From there an attacker can launch a privileged command shell.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12889"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-20T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\\System. An attacker would need local access to the machine for a successful exploit. The attacker must disconnect the computer from the local network / WAN and connect it to an internet facing access point / network. At that point, the attacker can execute the password-reset functionality, which will expose a web browser. Browsing to a site that calls local Windows system functions (e.g., file upload) will expose the local file system. From there an attacker can launch a privileged command shell.",
  "id": "GHSA-ccjc-3gwx-9m2q",
  "modified": "2024-04-04T01:43:14Z",
  "published": "2022-05-24T16:54:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12889"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nulsect0r/CVE-2019-12889"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.