Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5450 vulnerabilities reference this CWE, most recent first.

GHSA-CQ9R-XGXQ-8RGC

Vulnerability from github – Published: 2022-05-24 17:27 – Updated: 2024-01-01 00:30
VLAI
Details

An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-0911"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-11T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory, aka \u0027Windows Modules Installer Elevation of Privilege Vulnerability\u0027.",
  "id": "GHSA-cq9r-xgxq-8rgc",
  "modified": "2024-01-01T00:30:39Z",
  "published": "2022-05-24T17:27:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0911"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0911"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQJ5-C26P-JCV4

Vulnerability from github – Published: 2023-08-04 00:30 – Updated: 2024-01-25 18:30
VLAI
Details

A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system.

This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions.

There are workarounds that address this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20216"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-03T22:15:11Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. \n\n This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions.\n\n   There are workarounds that address this vulnerability.",
  "id": "GHSA-cqj5-c26p-jcv4",
  "modified": "2024-01-25T18:30:37Z",
  "published": "2023-08-04T00:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20216"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-priv-esc-qTgUZOsQ"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQM4-W39P-G223

Vulnerability from github – Published: 2022-05-17 19:57 – Updated: 2024-04-04 00:00
VLAI
Details

Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-6448"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-15T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access.",
  "id": "GHSA-cqm4-w39p-g223",
  "modified": "2024-04-04T00:00:25Z",
  "published": "2022-05-17T19:57:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6448"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQV6-CX7Q-C7W5

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-07-13 00:01
VLAI
Details

The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28818"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-23T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.\u0027s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.\u0027s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.",
  "id": "GHSA-cqv6-cx7q-c7w5",
  "modified": "2022-07-13T00:01:15Z",
  "published": "2022-05-24T17:45:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28818"
    },
    {
      "type": "WEB",
      "url": "http://www.tibco.com/services/support/advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQXR-XF2W-943W

Vulnerability from github – Published: 2021-05-11 00:05 – Updated: 2022-10-25 20:33
VLAI
Summary
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Details

Impact

This vulnerability impacts generated code. If this code was generated as a one-off occasion, not as a part of an automated CI/CD process, this code will remain vulnerable until fixed manually!

On Unix-Like systems, the system temporary directory is shared between all local users. When files/directories are created, the default umask settings for the process are respected. As a result, by default, most processes/apis will create files/directories with the permissions -rw-r--r-- and drwxr-xr-x respectively, unless an API that explicitly sets safe file permissions is used.

This vulnerability exists due to the use of the JDK method File.createTempFile. This method creates an insecure temporary files that can leave application and system data vulnerable to exposure.

Auto-generated code (Java, Scala) that deals with uploading or downloading binary data through API endpoints will create insecure temporary files during the process. For example, if the API endpoint returns a PDF file, the auto-generated clients will first download the PDF into a insecure temporary file that can be read by anyone on the system.

Affected generators: - Java - okhttp-gson (default library) https://github.com/OpenAPITools/openapi-generator/blob/d85f61ff0cfd6b8cd7063a63f302998a51466269/modules/openapi-generator/src/main/resources/Java/libraries/okhttp-gson/ApiClient.mustache#L1085-L1088 - jersey2 https://github.com/OpenAPITools/openapi-generator/blob/d85f61ff0cfd6b8cd7063a63f302998a51466269/modules/openapi-generator/src/main/resources/Java/libraries/jersey2/ApiClient.mustache#L1035-L1038 - resteasy https://github.com/OpenAPITools/openapi-generator/blob/d85f61ff0cfd6b8cd7063a63f302998a51466269/modules/openapi-generator/src/main/resources/Java/libraries/resteasy/ApiClient.mustache#L604-L607 - retrofit2 https://github.com/OpenAPITools/openapi-generator/blob/d85f61ff0cfd6b8cd7063a63f302998a51466269/modules/openapi-generator/src/main/resources/Java/libraries/retrofit2/play26/ApiClient.mustache#L202-L208 - Scala - scala-finch https://github.com/OpenAPITools/openapi-generator/blob/764a3b044c19fadf4a0789473cde96a65b77868a/modules/openapi-generator/src/main/resources/scala-finch/api.mustache#L83-L88 - scala-akka https://github.com/OpenAPITools/openapi-generator/blob/150e24dc553a8ea5230ffb938ed3e6020e972faa/modules/openapi-generator/src/main/resources/scala-akka-http-server/multipartDirectives.mustache#L71-L73

Patches

The issue has been patched by changing the generated code to use the JDK method Files.createTempFile and released in the v5.1.0 stable version.

This vulnerability has the same root cause as CVE-2021-21364 from the swagger-api/swagger-codegen project as this project and that one both share the same original source tree. https://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-hpv8-9rq5-hq7w

For more information

If you have any questions or comments about this advisory: * Open an issue in OpenAPI Generator Github repo * Email us at security@openapitools.org

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.openapitools:openapi-generator"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21430"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-377",
      "CWE-378",
      "CWE-379",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-10T19:25:35Z",
    "nvd_published_at": "2021-05-10T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\n**This vulnerability impacts generated code.** If this code was generated as a one-off occasion, not as a part of an automated CI/CD process, this code will remain vulnerable until fixed manually!\n\nOn Unix-Like systems, the system temporary directory is shared between all local users. When files/directories are created, the default `umask` settings for the process are respected. As a result, by default, most processes/apis will create files/directories with the permissions `-rw-r--r--` and `drwxr-xr-x` respectively, unless an API that explicitly sets safe file permissions is used.\n\nThis vulnerability exists due to the use of the JDK method `File.createTempFile`. This method creates an insecure temporary files that can leave application and system data vulnerable to exposure.\n\nAuto-generated code (Java, Scala) that deals with uploading or downloading binary data through API endpoints will create insecure temporary files during the process. For example, if the API endpoint returns a PDF file, the auto-generated clients will first download the PDF into a insecure temporary file that can be read by anyone on the system.\n\nAffected generators: \n - Java\n   - `okhttp-gson` (default library)\n     https://github.com/OpenAPITools/openapi-generator/blob/d85f61ff0cfd6b8cd7063a63f302998a51466269/modules/openapi-generator/src/main/resources/Java/libraries/okhttp-gson/ApiClient.mustache#L1085-L1088\n   - `jersey2`\n     https://github.com/OpenAPITools/openapi-generator/blob/d85f61ff0cfd6b8cd7063a63f302998a51466269/modules/openapi-generator/src/main/resources/Java/libraries/jersey2/ApiClient.mustache#L1035-L1038\n   - `resteasy`\n     https://github.com/OpenAPITools/openapi-generator/blob/d85f61ff0cfd6b8cd7063a63f302998a51466269/modules/openapi-generator/src/main/resources/Java/libraries/resteasy/ApiClient.mustache#L604-L607\n   - `retrofit2`\n      https://github.com/OpenAPITools/openapi-generator/blob/d85f61ff0cfd6b8cd7063a63f302998a51466269/modules/openapi-generator/src/main/resources/Java/libraries/retrofit2/play26/ApiClient.mustache#L202-L208\n - Scala\n   - `scala-finch`\n      https://github.com/OpenAPITools/openapi-generator/blob/764a3b044c19fadf4a0789473cde96a65b77868a/modules/openapi-generator/src/main/resources/scala-finch/api.mustache#L83-L88\n   - `scala-akka`\n      https://github.com/OpenAPITools/openapi-generator/blob/150e24dc553a8ea5230ffb938ed3e6020e972faa/modules/openapi-generator/src/main/resources/scala-akka-http-server/multipartDirectives.mustache#L71-L73\n\n### Patches\n\nThe issue has been patched by changing the generated code to use the JDK method `Files.createTempFile` and released in the v5.1.0 stable version.\n\nThis vulnerability has the same root cause as CVE-2021-21364 from the `swagger-api/swagger-codegen` project as this project and that one both share the same original source tree.\nhttps://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-hpv8-9rq5-hq7w\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [OpenAPI Generator Github repo](https://github.com/openAPITools/openapi-generator/)\n* Email us at [security@openapitools.org](mailto:security@openapitools.org)",
  "id": "GHSA-cqxr-xf2w-943w",
  "modified": "2022-10-25T20:33:52Z",
  "published": "2021-05-11T00:05:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-cqxr-xf2w-943w"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21430"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenAPITools/openapi-generator/pull/8787"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenAPITools/openapi-generator/pull/8791"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenAPITools/openapi-generator/pull/9348"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OpenAPITools/openapi-generator"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code"
}

GHSA-CR4W-2PPQ-M3WQ

Vulnerability from github – Published: 2026-06-20 03:32 – Updated: 2026-06-20 03:32
VLAI
Details

Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-limited API keys to mint unrestricted keys by setting empty limits. Attackers with a compromised app-limited key can create an unrestricted key with org-wide access to resources like app listings and other protected endpoints.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56216"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-20T01:16:16Z",
    "severity": "HIGH"
  },
  "details": "Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-limited API keys to mint unrestricted keys by setting empty limits. Attackers with a compromised app-limited key can create an unrestricted key with org-wide access to resources like app listings and other protected endpoints.",
  "id": "GHSA-cr4w-2ppq-m3wq",
  "modified": "2026-06-20T03:32:30Z",
  "published": "2026-06-20T03:32:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Cap-go/capgo/security/advisories/GHSA-2ff8-7h96-hwfp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56216"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/capgo-scope-escalation-via-api-key-creation-in-functions-v1-apikey"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CR79-9PWF-R6F5

Vulnerability from github – Published: 2019-02-18 23:34 – Updated: 2021-09-16 20:42
VLAI
Summary
Downloads Resources over HTTP in prince
Details

Affected versions of prince insecurely download an executable over an unencrypted HTTP connection.

In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running prince.

Recommendation

Update to version 1.4.6 or later.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.4.6"
      },
      "package": {
        "ecosystem": "npm",
        "name": "prince"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-10591"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-311"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:32:46Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Affected versions of `prince` insecurely download an executable over an unencrypted HTTP connection. \n\nIn scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running `prince`.\n\n\n## Recommendation\n\nUpdate to version 1.4.6 or later.",
  "id": "GHSA-cr79-9pwf-r6f5",
  "modified": "2021-09-16T20:42:47Z",
  "published": "2019-02-18T23:34:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10591"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-cr79-9pwf-r6f5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rse/node-prince"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/185"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Downloads Resources over HTTP in prince"
}

GHSA-CR7H-X4FR-XQW7

Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2022-05-24 17:10
VLAI
Details

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-0777"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-12T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka \u0027Windows Work Folder Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897.",
  "id": "GHSA-cr7h-x4fr-xqw7",
  "modified": "2022-05-24T17:10:55Z",
  "published": "2022-05-24T17:10:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0777"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0777"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CRG4-9CVH-C76F

Vulnerability from github – Published: 2022-05-24 17:16 – Updated: 2022-05-24 17:16
VLAI
Details

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-12138"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-27T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\\SYSTEM privileges via a DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages.",
  "id": "GHSA-crg4-9cvh-c76f",
  "modified": "2022-05-24T17:16:35Z",
  "published": "2022-05-24T17:16:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12138"
    },
    {
      "type": "WEB",
      "url": "https://eclypsium.com/2019/11/12/mother-of-all-drivers"
    },
    {
      "type": "WEB",
      "url": "https://h0mbre.github.io/atillk64_exploit"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CRM9-GF54-3RF6

Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-19 00:01
VLAI
Details

The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22257"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-11T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.",
  "id": "GHSA-crm9-gf54-3rf6",
  "modified": "2022-04-19T00:01:20Z",
  "published": "2022-04-12T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22257"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2022/4"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202204-0000001224076294"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.