Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5433 vulnerabilities reference this CWE, most recent first.

GHSA-GXF6-9256-C3R7

Vulnerability from github – Published: 2022-06-22 00:01 – Updated: 2022-06-29 00:00
VLAI
Details

A vulnerability classified as critical has been found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/featured.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-20078"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-21T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability classified as critical has been found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/featured.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-gxf6-9256-c3r7",
  "modified": "2022-06-29T00:00:26Z",
  "published": "2022-06-22T00:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20078"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.95418"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41044"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GXJF-5QF6-P29G

Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2024-05-14 18:30
VLAI
Details

All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4545"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T15:44:02Z",
    "severity": "HIGH"
  },
  "details": "\nAll versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have access.\n\n",
  "id": "GHSA-gxjf-5qf6-p29g",
  "modified": "2024-05-14T18:30:55Z",
  "published": "2024-05-14T18:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4545"
    },
    {
      "type": "WEB",
      "url": "https://www.enterprisedb.com/docs/epas/15/epas_rel_notes"
    },
    {
      "type": "WEB",
      "url": "https://www.enterprisedb.com/docs/epas/latest/epas_rel_notes"
    },
    {
      "type": "WEB",
      "url": "https://www.enterprisedb.com/docs/security/advisories/cve20244545"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GXJV-3QX5-453X

Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-09-21 00:00
VLAI
Details

A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. telnetd.real is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run telnetd.real with root privileges. This issue affects Juniper Networks Junos OS: all versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0223"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-15T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. telnetd.real is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run telnetd.real with root privileges. This issue affects Juniper Networks Junos OS: all versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R2.",
  "id": "GHSA-gxjv-3qx5-453x",
  "modified": "2022-09-21T00:00:40Z",
  "published": "2022-05-24T17:39:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0223"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA11114"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GXM2-H73P-34FQ

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2023-12-31 21:30
VLAI
Details

An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka 'Windows Application Compatibility Client Library Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16876.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16920"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-16T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka \u0027Windows Application Compatibility Client Library Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-16876.",
  "id": "GHSA-gxm2-h73p-34fq",
  "modified": "2023-12-31T21:30:23Z",
  "published": "2022-05-24T17:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16920"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16920"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GXRX-RHRV-QQV3

Vulnerability from github – Published: 2025-03-14 18:30 – Updated: 2025-03-19 21:30
VLAI
Details

An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-25872"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-14T16:15:40Z",
    "severity": "MODERATE"
  },
  "details": "An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function",
  "id": "GHSA-gxrx-rhrv-qqv3",
  "modified": "2025-03-19T21:30:48Z",
  "published": "2025-03-14T18:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25872"
    },
    {
      "type": "WEB",
      "url": "https://openpanel.com/docs/changelog/0.3.5/#%EF%B8%8F-security-fixes"
    },
    {
      "type": "WEB",
      "url": "https://packetstorm.news/files/id/189583"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H25H-F75Q-43QP

Vulnerability from github – Published: 2022-05-01 18:03 – Updated: 2025-04-09 03:41
VLAI
Details

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2007-2444"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-05-14T21:19:00Z",
    "severity": "HIGH"
  },
  "details": "Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.",
  "id": "GHSA-h25h-f75q-43qp",
  "modified": "2025-04-09T03:41:32Z",
  "published": "2022-05-01T18:03:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2444"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-1366"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01078980"
    },
    {
      "type": "WEB",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/34698"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25232"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25241"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25246"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25251"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25255"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25256"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25259"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25270"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25289"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25675"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25772"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200705-15.xml"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/2701"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.475906"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1291"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:104"
    },
    {
      "type": "WEB",
      "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html"
    },
    {
      "type": "WEB",
      "url": "http://www.samba.org/samba/security/CVE-2007-2444.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/468548/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/468670/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23974"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018049"
    },
    {
      "type": "WEB",
      "url": "http://www.trustix.org/errata/2007/0017"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-460-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-460-2"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1805"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2210"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2281"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-H27C-6XM3-MCQP

Vulnerability from github – Published: 2024-08-20 22:13 – Updated: 2024-11-25 20:50
VLAI
Summary
Withdrawn Advisory: Kanister vulnerable to cluster-level privilege escalation
Details

Withdrawn Advisory

This advisory has been withdrawn because the vulnerability does not affect a released Go package. For more information, see github/advisory-database/issues/5029.

Original Advisory

Summary

This advisory affects the Kanister helm charts and not the go package

Details

The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding(https://github.com/kanisterio/kanister/blob/master/helm/kanister-operator/templates/rbac.yaml#L49). The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it have create/patch/udpate verbs of daemonset resources, create verb of serviceaccount/token resources, and impersonate verb of serviceaccounts resources. If a malicious user can access the worker node which has this component, he/she can:

For the create/patch/update verbs of daemonset resources, the malicious user can abuse it to create or modify a set of Pods to mount a high-privilege service account (e.g., the cluster-admin service account). After that, he/she can abuse the high-privilege SA token of created Pod to take over the whole cluster.

For the create verb of serviceaccount/token resources, a malicious user can abuse this permission to generate new Service Account tokens and use them to operate with high-privilege roles, such as cluster administrators. These tokens can be used to access and manipulate any resources within the cluster.

For the impersonate verb of serviceaccounts resources, a malicious user can impersonate high-privilege Service Accounts, thereby gaining access to roles such as cluster administrators. This enables the attacker to perform all actions that the high-privilege account can, including creating, modifying, and deleting critical resources within the cluster.

PoC

We have discussed in the "Details" section

Impact

Privilege escalation

Mitigation

Currently kanister helm chart provides rbac.create flag (true by default), which controls whether the rbac rules for kanister service account will be created https://github.com/kanisterio/kanister/blob/master/helm/kanister-operator/values.yaml#L17 If this value set to false, the user needs to create rbac rules themselves and they can limit the role bindings for kanister service account, for example scope it to specific namespace. Service account can also be configured via helm https://github.com/kanisterio/kanister/blob/master/helm/kanister-operator/values.yaml#L19

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kanisterio/kanister"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20240926084453-1f40f03d8432"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-43403"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-20T22:13:02Z",
    "nvd_published_at": "2024-08-20T22:15:04Z",
    "severity": "MODERATE"
  },
  "details": "# Withdrawn Advisory\n\nThis advisory has been withdrawn because the vulnerability does not affect a released Go package. For more information, see github/advisory-database/issues/5029.\n\n# Original Advisory\n\n### Summary\nThis advisory affects the Kanister helm charts and not the go package\n\n### Details\nThe kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding(https://github.com/kanisterio/kanister/blob/master/helm/kanister-operator/templates/rbac.yaml#L49). The \"edit\" ClusterRole is one of Kubernetes default-created ClusterRole, and it have create/patch/udpate verbs of daemonset resources, create verb of serviceaccount/token resources, and impersonate verb of serviceaccounts resources. If a malicious user can access the worker node which has this component, he/she can:\n\nFor the create/patch/update verbs of daemonset resources, the malicious user can abuse it to create or modify a set of Pods to mount a high-privilege service account (e.g., the cluster-admin service account). After that, he/she can abuse the high-privilege SA token of created Pod to take over the whole cluster.\n\nFor the create verb of serviceaccount/token resources, a malicious user can abuse this permission to generate new Service Account tokens and use them to operate with high-privilege roles, such as cluster administrators. These tokens can be used to access and manipulate any resources within the cluster.\n\nFor the impersonate verb of serviceaccounts resources, a malicious user can impersonate high-privilege Service Accounts, thereby gaining access to roles such as cluster administrators. This enables the attacker to perform all actions that the high-privilege account can, including creating, modifying, and deleting critical resources within the cluster.\n\n\n### PoC\nWe have discussed in the \"Details\" section\n\n### Impact\nPrivilege escalation\n\n### Mitigation\n\nCurrently kanister helm chart provides rbac.create flag (true by default), which controls whether the rbac rules for kanister service account will be created https://github.com/kanisterio/kanister/blob/master/helm/kanister-operator/values.yaml#L17\nIf this value set to false, the user needs to create rbac rules themselves and they can limit the role bindings for kanister service account, for example scope it to specific namespace.\nService account can also be configured via helm https://github.com/kanisterio/kanister/blob/master/helm/kanister-operator/values.yaml#L19\n",
  "id": "GHSA-h27c-6xm3-mcqp",
  "modified": "2024-11-25T20:50:10Z",
  "published": "2024-08-20T22:13:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kanisterio/kanister/security/advisories/GHSA-h27c-6xm3-mcqp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43403"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kanisterio/kanister"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kanisterio/kanister/blob/master/helm/kanister-operator/templates/rbac.yaml#L49"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kanisterio/kanister/wiki/2023%E2%80%9024-Community-Meeting-Notes"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Withdrawn Advisory: Kanister vulnerable to cluster-level privilege escalation",
  "withdrawn": "2024-11-25T20:50:10Z"
}

GHSA-H27R-PFC4-2CXP

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-06-29 00:00
VLAI
Details

Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28269"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-27T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions.",
  "id": "GHSA-h27r-pfc4-2cxp",
  "modified": "2022-06-29T00:00:49Z",
  "published": "2022-05-24T17:48:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28269"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/49679"
    },
    {
      "type": "WEB",
      "url": "https://www.zeroscience.mk/en/vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5634.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H282-H9WQ-4CQG

Vulnerability from github – Published: 2022-05-24 17:23 – Updated: 2022-05-24 17:23
VLAI
Details

An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory, aka 'Windows SharedStream Library Elevation of Privilege Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1463"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-14T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory, aka \u0027Windows SharedStream Library Elevation of Privilege Vulnerability\u0027.",
  "id": "GHSA-h282-h9wq-4cqg",
  "modified": "2022-05-24T17:23:25Z",
  "published": "2022-05-24T17:23:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1463"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1463"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-H289-298G-XPJW

Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2022-07-28 00:00
VLAI
Details

In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (These permissions are only used in custom User Roles and do not affect built in User Roles.)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-11632"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-01T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (These permissions are only used in custom User Roles and do not affect built in User Roles.)",
  "id": "GHSA-h289-298g-xpjw",
  "modified": "2022-07-28T00:00:48Z",
  "published": "2022-05-24T16:45:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11632"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OctopusDeploy/Issues/issues/5528"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OctopusDeploy/Issues/issues/5529"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.