CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5451 vulnerabilities reference this CWE, most recent first.
GHSA-CMV8-6362-R5W9
Vulnerability from github – Published: 2022-05-23 20:16 – Updated: 2026-02-06 21:31Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes.
- The attacker creates a workflow that produces a HTML artifact that contains a HTML file that contains a script which uses XHR calls to interact with the Argo Server API.
- The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running.
As the script has access to the Argo Server API (as the victim), so may do the following (if the victim may):
- Read information about the victim’s workflows.
- Create or delete workflows.
Notes:
- The attacker must be an insider: they must have access to the same cluster as the victim and must already be able to run their own workflows.
- The attacker must have an understanding of the victim’s system. They won’t be able to repeatedly probe due to the social engineering aspect.
- The attacker is likely leave an audit trail.
We have seen no evidence of this in the wild. While the impact is high, it is very hard to exploit.
We urge all users to upgrade to the fixed versions. Disabling the Argo Server is the only known workaround. Note version 2.12 has been out of support for sometime. No fix is currently planned.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-workflows/v3"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "3.2.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/argoproj/argo-workflows/v3"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0"
},
{
"fixed": "3.3.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-29164"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-23T20:16:05Z",
"nvd_published_at": "2022-05-06T00:15:00Z",
"severity": "HIGH"
},
"details": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes.\n\n* The attacker creates a workflow that produces a HTML artifact that contains a HTML file that contains a script which uses XHR calls to interact with the Argo Server API.\n* The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running.\n\nAs the script has access to the Argo Server API (as the victim), so may do the following (if the victim may):\n\n* Read information about the victim\u2019s workflows.\n* Create or delete workflows.\n\nNotes:\n\n* The attacker must be an insider: they must have access to the same cluster as the victim and must already be able to run their own workflows. \n* The attacker must have an understanding of the victim\u2019s system. They won\u2019t be able to repeatedly probe due to the social engineering aspect.\n* The attacker is likely leave an audit trail.\n\nWe have seen no evidence of this in the wild. While the impact is high, it is very hard to exploit. \n\nWe urge all users to upgrade to the fixed versions. Disabling the Argo Server is the only known workaround. Note version 2.12 has been out of support for sometime. No fix is currently planned.",
"id": "GHSA-cmv8-6362-r5w9",
"modified": "2026-02-06T21:31:02Z",
"published": "2022-05-23T20:16:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-cmv8-6362-r5w9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29164"
},
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-workflows/pull/8585"
},
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-workflows/commit/87470e1c2bf703a9110e97bb755614ce8757fdcc"
},
{
"type": "PACKAGE",
"url": "github.com/argoproj/argo-workflows"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows"
}
GHSA-CMWH-2HHQ-V8PR
Vulnerability from github – Published: 2024-08-06 15:30 – Updated: 2024-08-06 15:30Privilege escalation vulnerability identified in OpenText ArcSight Intelligence.
{
"affected": [],
"aliases": [
"CVE-2024-6359"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-06T13:15:56Z",
"severity": "MODERATE"
},
"details": "Privilege escalation vulnerability identified in OpenText ArcSight Intelligence.",
"id": "GHSA-cmwh-2hhq-v8pr",
"modified": "2024-08-06T15:30:53Z",
"published": "2024-08-06T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6359"
},
{
"type": "WEB",
"url": "https://portal.microfocus.com/s/article/KM000032594"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-CP2H-38MG-RCR9
Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root.
{
"affected": [],
"aliases": [
"CVE-2018-12261"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-12T18:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root.",
"id": "GHSA-cp2h-38mg-rcr9",
"modified": "2022-05-13T01:19:01Z",
"published": "2022-05-13T01:19:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12261"
},
{
"type": "WEB",
"url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CP2R-RVGM-X6RH
Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2024-01-04 03:30An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Work Folders Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1470, CVE-2020-1484.
{
"affected": [],
"aliases": [
"CVE-2020-1516"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-17T19:15:00Z",
"severity": "MODERATE"
},
"details": "An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows Work Folders Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1470, CVE-2020-1484.",
"id": "GHSA-cp2r-rvgm-x6rh",
"modified": "2024-01-04T03:30:34Z",
"published": "2022-05-24T17:25:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1516"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1516"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CP3Q-M9WF-V837
Vulnerability from github – Published: 2022-01-12 00:00 – Updated: 2024-11-14 21:31Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21970.
{
"affected": [],
"aliases": [
"CVE-2022-21954"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-11T21:15:00Z",
"severity": "MODERATE"
},
"details": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21970.",
"id": "GHSA-cp3q-m9wf-v837",
"modified": "2024-11-14T21:31:55Z",
"published": "2022-01-12T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21954"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21954"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21954"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CP49-57WW-RMVR
Vulnerability from github – Published: 2026-01-09 09:31 – Updated: 2026-04-08 18:34The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.25. This is due to insufficient validation of user-supplied role values in the 'validate_value', 'pre_update_value', and 'get_fields_display' functions. This makes it possible for unauthenticated attackers to register as administrators and gain complete control of the site, granted they can access a user registration form containing a Role field.
{
"affected": [],
"aliases": [
"CVE-2025-14736"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-09T07:16:01Z",
"severity": "CRITICAL"
},
"details": "The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.25. This is due to insufficient validation of user-supplied role values in the \u0027validate_value\u0027, \u0027pre_update_value\u0027, and \u0027get_fields_display\u0027 functions. This makes it possible for unauthenticated attackers to register as administrators and gain complete control of the site, granted they can access a user registration form containing a Role field.",
"id": "GHSA-cp49-57ww-rmvr",
"modified": "2026-04-08T18:34:02Z",
"published": "2026-01-09T09:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14736"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3427243/acf-frontend-form-element/trunk/main/frontend/fields/user/class-role.php"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3472098%40acf-frontend-form-element\u0026new=3472098%40acf-frontend-form-element\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07eb71fc-6588-490d-8947-3077ec4a9045?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CP6H-5PCM-V6V4
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2023-08-02 00:30Windows Desktop Bridge Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2021-41334"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-13T01:15:00Z",
"severity": "HIGH"
},
"details": "Windows Desktop Bridge Elevation of Privilege Vulnerability",
"id": "GHSA-cp6h-5pcm-v6v4",
"modified": "2023-08-02T00:30:38Z",
"published": "2022-05-24T19:17:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41334"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41334"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CP6R-XXCW-9QM2
Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2023-12-31 21:30Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.
{
"affected": [],
"aliases": [
"CVE-2020-17001"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-11T07:15:00Z",
"severity": "HIGH"
},
"details": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.",
"id": "GHSA-cp6r-xxcw-9qm2",
"modified": "2023-12-31T21:30:24Z",
"published": "2022-05-24T17:33:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17001"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CP86-86QV-HQ88
Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-05-13 01:48TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.
{
"affected": [],
"aliases": [
"CVE-2018-10168"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-03T18:29:00Z",
"severity": "HIGH"
},
"details": "TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.",
"id": "GHSA-cp86-86qv-hq88",
"modified": "2022-05-13T01:48:42Z",
"published": "2022-05-13T01:48:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10168"
},
{
"type": "WEB",
"url": "https://www.coresecurity.com/advisories/tp-link-eap-controller-multiple-vulnerabilities"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104094"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CP8G-495J-P236
Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2022-05-24 17:10An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2020-0793"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-12T16:15:00Z",
"severity": "MODERATE"
},
"details": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka \u0027Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\u0027.",
"id": "GHSA-cp8g-495j-p236",
"modified": "2022-05-24T17:10:56Z",
"published": "2022-05-24T17:10:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0793"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0793"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.