Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5430 vulnerabilities reference this CWE, most recent first.

GHSA-GR32-6RR4-7PX2

Vulnerability from github – Published: 2026-06-02 06:30 – Updated: 2026-06-02 06:30
VLAI
Details

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. This makes it possible for unauthenticated attackers to send a password reset link for any user registered on the site to their own email address.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8206"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-02T04:17:03Z",
    "severity": "CRITICAL"
  },
  "details": "The Kirki \u2013 Freeform Page Builder, Website Builder \u0026 Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. This makes it possible for unauthenticated attackers to send a password reset link for any user registered on the site to their own email address.",
  "id": "GHSA-gr32-6rr4-7px2",
  "modified": "2026-06-02T06:30:26Z",
  "published": "2026-06-02T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8206"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/kirki/tags/6.0.4/ComponentLibrary/controller/CompLibFormHandler.php#L330"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/kirki/tags/6.0.4/ComponentLibrary/controller/CompLibFormHandler.php#L48"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/kirki/tags/6.0.4/ComponentLibrary/controller/ElementGenerator.php#L227"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/kirki/trunk/ComponentLibrary/controller/CompLibFormHandler.php#L330"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/kirki/trunk/ComponentLibrary/controller/CompLibFormHandler.php#L48"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/kirki/trunk/ComponentLibrary/controller/ElementGenerator.php#L227"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3530843/kirki"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3b5630bd-5bce-4226-959f-5e81ae69b799?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GR73-XMRV-34FC

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11
VLAI
Details

Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-24038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-19T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.",
  "id": "GHSA-gr73-xmrv-34fc",
  "modified": "2022-05-24T19:11:40Z",
  "published": "2022-05-24T19:11:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24038"
    },
    {
      "type": "WEB",
      "url": "https://www.facebook.com/security/advisories/cve-2021-24038"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GR78-3HPW-XF56

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-07-13 00:00
VLAI
Details

In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174047735

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0372"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-10T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174047735",
  "id": "GHSA-gr78-3hpw-xf56",
  "modified": "2022-07-13T00:00:58Z",
  "published": "2022-05-24T17:44:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0372"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2021-03-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GR7J-Q4Q6-RXCF

Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2024-07-03 18:40
VLAI
Details

An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22774"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T14:58:21Z",
    "severity": "HIGH"
  },
  "details": "An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component.",
  "id": "GHSA-gr7j-q4q6-rxcf",
  "modified": "2024-07-03T18:40:09Z",
  "published": "2024-05-14T15:32:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22774"
    },
    {
      "type": "WEB",
      "url": "https://blueteamalpha.com/blog/new-vulnerability-discovered-in-panoramic-x-ray-software"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Gray-0men/CVE-2024-22774"
    },
    {
      "type": "WEB",
      "url": "https://pancorp.com/index.html"
    },
    {
      "type": "WEB",
      "url": "https://pancorp.com/pdf/Panoramic-Dental-Imaging-%28GLAN%29-Windows-10x64-Setup-Rev3.pdf"
    },
    {
      "type": "WEB",
      "url": "https://pancorp.com/software/files/PANCORP_DENTAL_IMAGING_9.1.2.7600.exe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GR7P-9MX8-WR74

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2023-08-08 15:31
VLAI
Details

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38295"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-14T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2",
  "id": "GHSA-gr7p-9mx8-wr74",
  "modified": "2023-08-08T15:31:23Z",
  "published": "2022-05-24T19:17:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38295"
    },
    {
      "type": "WEB",
      "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GR7V-4XRC-FQR5

Vulnerability from github – Published: 2023-01-08 15:30 – Updated: 2023-01-13 00:30
VLAI
Details

JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0668"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-08T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.",
  "id": "GHSA-gr7v-4xrc-fqr5",
  "modified": "2023-01-13T00:30:39Z",
  "published": "2023-01-08T15:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0668"
    },
    {
      "type": "WEB",
      "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0668%3A+Artifactory+Authentication+Bypass"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GR8F-FRHQ-4H8R

Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2023-11-15 21:35
VLAI
Details

Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31839"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-10T17:15:00Z",
    "severity": "LOW"
  },
  "details": "Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server.",
  "id": "GHSA-gr8f-frhq-4h8r",
  "modified": "2023-11-15T21:35:01Z",
  "published": "2022-05-24T19:04:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31839"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10362"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GR96-2H6W-PF97

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36
VLAI
Details

An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8447"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-29T01:34:00Z",
    "severity": "MODERATE"
  },
  "details": "An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either \u0027delete\u0027 or \u0027index\u0027 permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.",
  "id": "GHSA-gr96-2h6w-pf97",
  "modified": "2022-05-13T01:36:10Z",
  "published": "2022-05-13T01:36:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8447"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/x-pack-security-5-6-0-and-5-5-3-security-update/100089"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GR9W-H9WQ-7QX8

Vulnerability from github – Published: 2022-04-16 00:00 – Updated: 2022-04-16 00:00
VLAI
Details

Connected User Experiences and Telemetry Elevation of Privilege Vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-24479"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-15T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Connected User Experiences and Telemetry Elevation of Privilege Vulnerability.",
  "id": "GHSA-gr9w-h9wq-7qx8",
  "modified": "2022-04-16T00:00:39Z",
  "published": "2022-04-16T00:00:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24479"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24479"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24479"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GRC8-24J5-X6FJ

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18
VLAI
Details

An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1191"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-21T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka \u0027Windows State Repository Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190.",
  "id": "GHSA-grc8-24j5-x6fj",
  "modified": "2022-05-24T17:18:34Z",
  "published": "2022-05-24T17:18:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1191"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1191"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.