CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5430 vulnerabilities reference this CWE, most recent first.
GHSA-GR32-6RR4-7PX2
Vulnerability from github – Published: 2026-06-02 06:30 – Updated: 2026-06-02 06:30The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. This makes it possible for unauthenticated attackers to send a password reset link for any user registered on the site to their own email address.
{
"affected": [],
"aliases": [
"CVE-2026-8206"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-02T04:17:03Z",
"severity": "CRITICAL"
},
"details": "The Kirki \u2013 Freeform Page Builder, Website Builder \u0026 Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. This makes it possible for unauthenticated attackers to send a password reset link for any user registered on the site to their own email address.",
"id": "GHSA-gr32-6rr4-7px2",
"modified": "2026-06-02T06:30:26Z",
"published": "2026-06-02T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8206"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kirki/tags/6.0.4/ComponentLibrary/controller/CompLibFormHandler.php#L330"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kirki/tags/6.0.4/ComponentLibrary/controller/CompLibFormHandler.php#L48"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kirki/tags/6.0.4/ComponentLibrary/controller/ElementGenerator.php#L227"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kirki/trunk/ComponentLibrary/controller/CompLibFormHandler.php#L330"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kirki/trunk/ComponentLibrary/controller/CompLibFormHandler.php#L48"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kirki/trunk/ComponentLibrary/controller/ElementGenerator.php#L227"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3530843/kirki"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3b5630bd-5bce-4226-959f-5e81ae69b799?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GR73-XMRV-34FC
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.
{
"affected": [],
"aliases": [
"CVE-2021-24038"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-19T16:15:00Z",
"severity": "HIGH"
},
"details": "Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.",
"id": "GHSA-gr73-xmrv-34fc",
"modified": "2022-05-24T19:11:40Z",
"published": "2022-05-24T19:11:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24038"
},
{
"type": "WEB",
"url": "https://www.facebook.com/security/advisories/cve-2021-24038"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GR78-3HPW-XF56
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-07-13 00:00In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174047735
{
"affected": [],
"aliases": [
"CVE-2021-0372"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-10T16:15:00Z",
"severity": "HIGH"
},
"details": "In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174047735",
"id": "GHSA-gr78-3hpw-xf56",
"modified": "2022-07-13T00:00:58Z",
"published": "2022-05-24T17:44:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0372"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2021-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GR7J-Q4Q6-RXCF
Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2024-07-03 18:40An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component.
{
"affected": [],
"aliases": [
"CVE-2024-22774"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T14:58:21Z",
"severity": "HIGH"
},
"details": "An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component.",
"id": "GHSA-gr7j-q4q6-rxcf",
"modified": "2024-07-03T18:40:09Z",
"published": "2024-05-14T15:32:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22774"
},
{
"type": "WEB",
"url": "https://blueteamalpha.com/blog/new-vulnerability-discovered-in-panoramic-x-ray-software"
},
{
"type": "WEB",
"url": "https://github.com/Gray-0men/CVE-2024-22774"
},
{
"type": "WEB",
"url": "https://pancorp.com/index.html"
},
{
"type": "WEB",
"url": "https://pancorp.com/pdf/Panoramic-Dental-Imaging-%28GLAN%29-Windows-10x64-Setup-Rev3.pdf"
},
{
"type": "WEB",
"url": "https://pancorp.com/software/files/PANCORP_DENTAL_IMAGING_9.1.2.7600.exe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GR7P-9MX8-WR74
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2023-08-08 15:31In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2
{
"affected": [],
"aliases": [
"CVE-2021-38295"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-14T20:15:00Z",
"severity": "HIGH"
},
"details": "In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2",
"id": "GHSA-gr7p-9mx8-wr74",
"modified": "2023-08-08T15:31:23Z",
"published": "2022-05-24T19:17:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38295"
},
{
"type": "WEB",
"url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GR7V-4XRC-FQR5
Vulnerability from github – Published: 2023-01-08 15:30 – Updated: 2023-01-13 00:30JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.
{
"affected": [],
"aliases": [
"CVE-2022-0668"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-08T15:15:00Z",
"severity": "CRITICAL"
},
"details": "JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.",
"id": "GHSA-gr7v-4xrc-fqr5",
"modified": "2023-01-13T00:30:39Z",
"published": "2023-01-08T15:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0668"
},
{
"type": "WEB",
"url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0668%3A+Artifactory+Authentication+Bypass"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GR8F-FRHQ-4H8R
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2023-11-15 21:35Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server.
{
"affected": [],
"aliases": [
"CVE-2021-31839"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-10T17:15:00Z",
"severity": "LOW"
},
"details": "Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server.",
"id": "GHSA-gr8f-frhq-4h8r",
"modified": "2023-11-15T21:35:01Z",
"published": "2022-05-24T19:04:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31839"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10362"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GR96-2H6W-PF97
Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.
{
"affected": [],
"aliases": [
"CVE-2017-8447"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-29T01:34:00Z",
"severity": "MODERATE"
},
"details": "An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either \u0027delete\u0027 or \u0027index\u0027 permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.",
"id": "GHSA-gr96-2h6w-pf97",
"modified": "2022-05-13T01:36:10Z",
"published": "2022-05-13T01:36:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8447"
},
{
"type": "WEB",
"url": "https://discuss.elastic.co/t/x-pack-security-5-6-0-and-5-5-3-security-update/100089"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GR9W-H9WQ-7QX8
Vulnerability from github – Published: 2022-04-16 00:00 – Updated: 2022-04-16 00:00Connected User Experiences and Telemetry Elevation of Privilege Vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-24479"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-15T19:15:00Z",
"severity": "HIGH"
},
"details": "Connected User Experiences and Telemetry Elevation of Privilege Vulnerability.",
"id": "GHSA-gr9w-h9wq-7qx8",
"modified": "2022-04-16T00:00:39Z",
"published": "2022-04-16T00:00:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24479"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24479"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24479"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GRC8-24J5-X6FJ
Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190.
{
"affected": [],
"aliases": [
"CVE-2020-1191"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-21T23:15:00Z",
"severity": "MODERATE"
},
"details": "An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka \u0027Windows State Repository Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190.",
"id": "GHSA-grc8-24j5-x6fj",
"modified": "2022-05-24T17:18:34Z",
"published": "2022-05-24T17:18:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1191"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1191"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.