CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5433 vulnerabilities reference this CWE, most recent first.
GHSA-FWFW-QRV2-XVWQ
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used.
{
"affected": [],
"aliases": [
"CVE-2021-23243"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-27T13:15:00Z",
"severity": "HIGH"
},
"details": "In Oppo\u0027s battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used.",
"id": "GHSA-fwfw-qrv2-xvwq",
"modified": "2022-05-24T19:15:52Z",
"published": "2022-05-24T19:15:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23243"
},
{
"type": "WEB",
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1437389627236556800"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FWP9-F988-69XR
Vulnerability from github – Published: 2026-04-17 09:31 – Updated: 2026-07-08 03:30Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific partitions and set writable system properties.
{
"affected": [],
"aliases": [
"CVE-2026-40002"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-17T08:16:18Z",
"severity": "MODERATE"
},
"details": "Red Magic 11 Pro (NX809J)\u00a0contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific partitions and set writable system properties.",
"id": "GHSA-fwp9-f988-69xr",
"modified": "2026-07-08T03:30:24Z",
"published": "2026-04-17T09:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40002"
},
{
"type": "WEB",
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/8224335890517684583"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-FWPF-HPW8-G5P6
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-10-27 19:00Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration.
{
"affected": [],
"aliases": [
"CVE-2021-36879"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-27T16:15:00Z",
"severity": "CRITICAL"
},
"details": "Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions \u003c= 2.0.5). Possible if WordPress configuration allows user registration.",
"id": "GHSA-fwpf-hpw8-g5p6",
"modified": "2022-10-27T19:00:39Z",
"published": "2022-05-24T19:15:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36879"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-unauthenticated-privilege-escalation-vulnerability"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/ulisting/#developers"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FWV4-F9XF-WP89
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.
{
"affected": [],
"aliases": [
"CVE-2020-24676"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-22T22:15:00Z",
"severity": "HIGH"
},
"details": "In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.",
"id": "GHSA-fwv4-f9xf-wp89",
"modified": "2022-05-24T17:37:02Z",
"published": "2022-05-24T17:37:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24676"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FWW5-M9WC-JCJC
Vulnerability from github – Published: 2025-12-01 21:30 – Updated: 2025-12-04 22:49Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "snipe/snipe-it"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.3.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-65621"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-02T16:54:40Z",
"nvd_published_at": "2025-12-01T21:15:52Z",
"severity": "MODERATE"
},
"details": "Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator\u0027s session, enabling privilege escalation.",
"id": "GHSA-fww5-m9wc-jcjc",
"modified": "2025-12-04T22:49:49Z",
"published": "2025-12-01T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65621"
},
{
"type": "WEB",
"url": "https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65621"
},
{
"type": "PACKAGE",
"url": "https://github.com/grokability/snipe-it"
},
{
"type": "WEB",
"url": "https://github.com/grokability/snipe-it/releases/tag/v8.3.4"
},
{
"type": "WEB",
"url": "http://snipeitapp.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Snipe-IT is vulnerable to stored cross-site scripting"
}
GHSA-FX25-85XR-CGXM
Vulnerability from github – Published: 2026-07-13 18:30 – Updated: 2026-07-14 03:31In the Apache Airflow FAB auth manager, a DAG whose dag_id is DAGs collided with the global all-DAGs permission resource name produced by resource_name(), so a user granted per-DAG access_control on that one DAG was silently granted the global all-DAGs permission (privilege escalation). The escalation triggers when a DAG named DAGs exists and a lower-privileged user is given per-DAG access to it, granting that user read/edit access to every DAG. Users are advised to upgrade to apache-airflow-providers-fab 3.7.2 or later, which disambiguates the resource-name collision.
{
"affected": [],
"aliases": [
"CVE-2026-59245"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-13T16:16:41Z",
"severity": "HIGH"
},
"details": "In the Apache Airflow FAB auth manager, a DAG whose `dag_id` is `DAGs` collided with the global all-DAGs permission resource name produced by `resource_name()`, so a user granted per-DAG `access_control` on that one DAG was silently granted the global all-DAGs permission (privilege escalation). The escalation triggers when a DAG named `DAGs` exists and a lower-privileged user is given per-DAG access to it, granting that user read/edit access to every DAG. Users are advised to upgrade to `apache-airflow-providers-fab` 3.7.2 or later, which disambiguates the resource-name collision.",
"id": "GHSA-fx25-85xr-cgxm",
"modified": "2026-07-14T03:31:34Z",
"published": "2026-07-13T18:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59245"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/pull/69106"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/70f37q3mwov1vm3zolrfxlzds278c78h"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/07/13/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FX28-FJMC-JX5R
Vulnerability from github – Published: 2022-05-24 17:23 – Updated: 2022-05-24 17:23An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.
{
"affected": [],
"aliases": [
"CVE-2020-1393"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-14T23:15:00Z",
"severity": "MODERATE"
},
"details": "An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka \u0027Windows Diagnostics Hub Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1418.",
"id": "GHSA-fx28-fjmc-jx5r",
"modified": "2022-05-24T17:23:03Z",
"published": "2022-05-24T17:23:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1393"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-FX3W-HJ7J-HFGF
Vulnerability from github – Published: 2022-05-24 17:11 – Updated: 2025-10-22 00:31VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
{
"affected": [],
"aliases": [
"CVE-2020-3950"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-17T19:15:00Z",
"severity": "HIGH"
},
"details": "VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.",
"id": "GHSA-fx3w-hj7j-hfgf",
"modified": "2025-10-22T00:31:51Z",
"published": "2022-05-24T17:11:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3950"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3950"
},
{
"type": "WEB",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0005.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FX7X-V68G-VHQ5
Vulnerability from github – Published: 2025-06-10 18:32 – Updated: 2025-06-10 18:32Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-33067"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-10T17:22:49Z",
"severity": "HIGH"
},
"details": "Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.",
"id": "GHSA-fx7x-v68g-vhq5",
"modified": "2025-06-10T18:32:29Z",
"published": "2025-06-10T18:32:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33067"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33067"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FX89-732F-4CFG
Vulnerability from github – Published: 2024-04-17 00:30 – Updated: 2024-04-17 00:30Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
{
"affected": [],
"aliases": [
"CVE-2024-21034"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-16T22:15:19Z",
"severity": "MODERATE"
},
"details": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"id": "GHSA-fx89-732f-4cfg",
"modified": "2024-04-17T00:30:55Z",
"published": "2024-04-17T00:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21034"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.