Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5433 vulnerabilities reference this CWE, most recent first.

GHSA-GWQ7-2MVV-MHCQ

Vulnerability from github – Published: 2024-03-11 18:31 – Updated: 2024-08-01 15:31
VLAI
Details

In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0049"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-11T17:15:45Z",
    "severity": "HIGH"
  },
  "details": "In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User  interaction is not needed for exploitation.",
  "id": "GHSA-gwq7-2mvv-mhcq",
  "modified": "2024-08-01T15:31:31Z",
  "published": "2024-03-11T18:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0049"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/frameworks/av/+/462689f06fd5e72ac63cd87b43ee52554ddf953e"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2024-03-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GWR5-QQVH-C57M

Vulnerability from github – Published: 2023-07-10 18:30 – Updated: 2024-04-04 05:53
VLAI
Details

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3076"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-10T16:15:54Z",
    "severity": "CRITICAL"
  },
  "details": "The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin\u0027s pro features.",
  "id": "GHSA-gwr5-qqvh-c57m",
  "modified": "2024-04-04T05:53:25Z",
  "published": "2023-07-10T18:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3076"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/ac662436-29d7-4ea6-84e1-f9e229b44f5b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GWR6-6X8H-4MJQ

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2023-12-31 21:30
VLAI
Details

An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations, aka 'Windows Storage VSP Driver Elevation of Privilege Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16885"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-16T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations, aka \u0027Windows Storage VSP Driver Elevation of Privilege Vulnerability\u0027.",
  "id": "GHSA-gwr6-6x8h-4mjq",
  "modified": "2023-12-31T21:30:21Z",
  "published": "2022-05-24T17:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16885"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16885"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GWX4-J47M-WQJ6

Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-05-24 17:26
VLAI
Details

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation .

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-9714"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-19T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation .",
  "id": "GHSA-gwx4-j47m-wqj6",
  "modified": "2022-05-24T17:26:11Z",
  "published": "2022-05-24T17:26:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9714"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-48.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GX32-9WHP-V6GP

Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-12-08 03:30
VLAI
Details

An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec ("backdoor") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-25595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-23T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen\u0027s MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn\u0027t be able to affect these registers, experience shows that it\u0027s very common for devices to have out-of-spec \"backdoor\" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec (\"backdoor\") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it\u0027s better to assume that it does.",
  "id": "GHSA-gx32-9whp-v6gp",
  "modified": "2022-12-08T03:30:31Z",
  "published": "2022-05-24T17:29:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25595"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DA633Y3G5KX7MKRN4PFEGM3IVTJMBEOM"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJZERRBJN6E6STDCHT4JHP4MI6TKBCJE"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202011-06"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4769"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xen.org/xsa/advisory-337.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GX4P-PRHW-C28V

Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-10-22 12:00
VLAI
Details

An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20264"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-269",
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-06T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
  "id": "GHSA-gx4p-prhw-c28v",
  "modified": "2022-10-22T12:00:28Z",
  "published": "2022-05-24T19:16:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20264"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932283"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GX55-F84R-V3R7

Vulnerability from github – Published: 2026-06-30 18:19 – Updated: 2026-06-30 18:19
VLAI
Summary
Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape
Details

Summary

Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs for runtime and builder pods. The merge logic propagated hostNetwork, hostPID, hostIPC, container privileged, and serviceAccountName from the user-supplied podspec with no filtering, and Environment.Validate performed no security-relevant checks on these fields.

Details

A namespace user with create/update on environments.fission.io could produce privileged, host-network, hostPID pods in the Fission function or builder namespace. Because the Helm chart created the fission-function and fission-builder namespaces with no pod-security.kubernetes.io/enforce labels, Kubernetes Pod Security Admission did not catch the escape either.

From a host-network privileged pod with hostPID, the attacker could nsenter into the host, read cloud-metadata credentials, access the container-runtime socket, pivot to other namespaces, and fully compromise the node.

Impact

environments.fission.io create/update RBAC is escalated to node compromise — host filesystem and network access on the scheduling node, and from there potential cluster-wide takeover.

Fix

Fixed in #3391 and released in v1.24.0. Denylist at admission (the primary defence) plus belt-and-braces at the merge layer.

Admission denylist (pkg/apis/core/v1/podspec_safety.go::ValidatePodSpecSafety), called from Environment.Validate for both Runtime.PodSpec and Builder.PodSpec:

  • pod-level: HostNetwork, HostPID, HostIPC, ServiceAccountName / DeprecatedServiceAccount override, hostPath volumes;
  • per-container: SecurityContext.Privileged=true, SecurityContext.AllowPrivilegeEscalation=true, dangerous capabilities (SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, DAC_OVERRIDE).

Update-bypass closed: the Environment validating-webhook marker is extended from verbs=create to verbs=create;update (chart and envtest manifests aligned).

Merge-layer belt-and-braces (pkg/executor/util/merge.go): even if admission is bypassed (failurePolicy=Ignore or stale pre-webhook objects), the denylisted pod-level fields are stripped and per-container dangerous settings are sanitized before the merge (with SecurityContext deep-copied first so cached informer objects are not mutated). Legitimate operator hardening via the chart's pod-level securityContext (fsGroup, runAsNonRoot, runAsUser) still flows through.

Behavioural change

Environments that explicitly set any denylisted field are now rejected at admission. There is no legitimate Fission use case — these primitives exist for cluster operators, not Environment authors.

This is the same root cause and fix as GHSA-wmgg-3p4h-48x7.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.23.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/fission/fission"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.24.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-50564"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-284",
      "CWE-693"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-30T18:19:32Z",
    "nvd_published_at": "2026-06-10T18:17:12Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\n\nFission\u0027s `Environment` CRD exposes `spec.runtime.podSpec` and `spec.builder.podSpec`, which are merged into the Kubernetes pod specs for runtime and builder pods. The merge logic propagated `hostNetwork`, `hostPID`, `hostIPC`, container\n `privileged`, and `serviceAccountName` from the user-supplied podspec with no filtering, and `Environment.Validate` performed no security-relevant checks on these fields.\n\n### Details\n\nA namespace user with `create`/`update` on `environments.fission.io` could produce privileged, host-network, hostPID pods in the Fission function or builder namespace. Because the Helm chart created the `fission-function` and\n`fission-builder` namespaces with no `pod-security.kubernetes.io/enforce` labels, Kubernetes Pod Security Admission did not catch the escape either.\n\nFrom a host-network privileged pod with hostPID, the attacker could `nsenter` into the host, read cloud-metadata credentials, access the container-runtime socket, pivot to other namespaces, and fully compromise the node.\n\n### Impact\n\n`environments.fission.io` create/update RBAC is escalated to node compromise \u2014 host filesystem and network access on the scheduling node, and from there potential cluster-wide takeover.\n\n### Fix\n\nFixed in [#3391](https://github.com/fission/fission/pull/3391) and released in [v1.24.0](https://github.com/fission/fission/releases/tag/v1.24.0). Denylist at admission (the primary defence) plus belt-and-braces at the merge layer.\n\n**Admission denylist** (`pkg/apis/core/v1/podspec_safety.go::ValidatePodSpecSafety`), called from `Environment.Validate` for both `Runtime.PodSpec` and `Builder.PodSpec`:\n\n- pod-level: `HostNetwork`, `HostPID`, `HostIPC`, `ServiceAccountName` / `DeprecatedServiceAccount` override, hostPath volumes;\n- per-container: `SecurityContext.Privileged=true`, `SecurityContext.AllowPrivilegeEscalation=true`, dangerous capabilities (`SYS_ADMIN`, `NET_ADMIN`, `SYS_PTRACE`, `SYS_MODULE`, `DAC_READ_SEARCH`, `DAC_OVERRIDE`).\n\n**Update-bypass closed:** the `Environment` validating-webhook marker is extended from `verbs=create` to `verbs=create;update` (chart and envtest manifests aligned).\n\n**Merge-layer belt-and-braces** (`pkg/executor/util/merge.go`): even if admission is bypassed (`failurePolicy=Ignore` or stale pre-webhook objects), the denylisted pod-level fields are stripped and per-container dangerous settings are\nsanitized before the merge (with `SecurityContext` deep-copied first so cached informer objects are not mutated). Legitimate operator hardening via the chart\u0027s pod-level `securityContext` (fsGroup, runAsNonRoot, runAsUser) still flows\nthrough.\n\n### Behavioural change\n\nEnvironments that explicitly set any denylisted field are now rejected at admission. There is no legitimate Fission use case \u2014 these primitives exist for cluster operators, not Environment authors.\n\nThis is the same root cause and fix as GHSA-wmgg-3p4h-48x7.",
  "id": "GHSA-gx55-f84r-v3r7",
  "modified": "2026-06-30T18:19:32Z",
  "published": "2026-06-30T18:19:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/fission/fission/security/advisories/GHSA-gx55-f84r-v3r7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50564"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fission/fission/pull/3391"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fission/fission/commit/e484df8460bb4e8026e24210120602aa7f181f64"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/fission/fission"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fission/fission/releases/tag/v1.24.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape"
}

GHSA-GX7F-WJC7-76H3

Vulnerability from github – Published: 2022-12-13 21:30 – Updated: 2025-01-03 00:31
VLAI
Details

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-44689"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-13T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability.",
  "id": "GHSA-gx7f-wjc7-76h3",
  "modified": "2025-01-03T00:31:10Z",
  "published": "2022-12-13T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44689"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44689"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44689"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GX7G-Q2XR-XM5F

Vulnerability from github – Published: 2024-09-16 14:37 – Updated: 2024-09-16 14:37
VLAI
Details

The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwp_update_password_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to any other role, including Administrator. The vulnerability was partially patched in version 1.7.40. The login with phone number pro plugin was required to exploit the vulnerability in versions 1.7.40 - 1.7.49.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6482"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-14T13:15:10Z",
    "severity": "HIGH"
  },
  "details": "The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the \u0027lwp_update_password_action\u0027 function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to any other role, including Administrator. The vulnerability was partially patched in version 1.7.40. The login with phone number pro plugin was required to exploit the vulnerability in versions 1.7.40 - 1.7.49.",
  "id": "GHSA-gx7g-q2xr-xm5f",
  "modified": "2024-09-16T14:37:26Z",
  "published": "2024-09-16T14:37:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6482"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php#L3803"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3129185"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de7cde2c-142c-4004-9302-be335265d87d?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GX9G-7W8C-QC7M

Vulnerability from github – Published: 2023-11-08 12:30 – Updated: 2024-09-04 18:30
VLAI
Details

Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-46756"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-08T11:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.",
  "id": "GHSA-gx9g-7w8c-qc7m",
  "modified": "2024-09-04T18:30:47Z",
  "published": "2023-11-08T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46756"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2023/11"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.