Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5433 vulnerabilities reference this CWE, most recent first.

GHSA-H4CC-27HC-FW7G

Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13
VLAI
Details

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local attacker may be able to elevate their privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1868"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local attacker may be able to elevate their privileges.",
  "id": "GHSA-h4cc-27hc-fw7g",
  "modified": "2022-05-24T19:13:32Z",
  "published": "2022-05-24T19:13:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1868"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212317"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212323"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212324"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212325"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212326"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212327"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-H4HQ-RGVH-WH27

Vulnerability from github – Published: 2026-03-04 20:13 – Updated: 2026-03-04 20:13
VLAI
Summary
Vaultwarden's Collection Management Operations Allowed Without `manage` Verification for Manager Role
Details

Summary

Testing confirmed that even when a Manager has manage=false for a given collection, they can still perform the following management operations as long as they have access to the collection:

  • PUT /api/organizations/<org_id>/collections/<col_id> succeeds (HTTP 200)
  • PUT /api/organizations/<org_id>/collections/<col_id>/users succeeds (HTTP 200)
  • DELETE /api/organizations/<org_id>/collections/<col_id> succeeds (HTTP 200)

Description

  • The Manager guard checks only whether the user can access the collection, not whether they have manage privileges. This check is directly applied to management endpoints. src/auth.rs:816 ```rust

if !Collection::can_access_collection(&headers.membership, &col_id, &conn).await { err_handler!("The current user isn't a manager for this collection") } ```

  • The can_access_collection function does not evaluate the manage flag. src/db/models/collection.rs:140

```rust

pub async fn can_access_collection(member: &Membership, col_id: &CollectionId, conn: &DbConn) -> bool { member.has_status(MembershipStatus::Confirmed) && (member.has_full_access() || CollectionUser::has_access_to_collection_by_user(col_id, &member.user_uuid, conn).await || ... ```

  • A separate management-permission check exists and includes manage validation, but it is not used during authorization for the affected endpoints. src/db/models/collection.rs:516

```rust

pub async fn is_manageable_by_user(&self, user_uuid: &UserId, conn: &DbConn) -> bool { let Some(member) = Membership::find_confirmed_by_user_and_org(user_uuid, &self.org_uuid, conn).await else { return false; }; if member.has_full_access() { return true; } ... ```

  • The actual update and deletion endpoints only accept ManagerHeaders and do not perform additional manage checks. src/api/core/organizations.rs:608
  async fn put_organization_collection_update(..., headers: ManagerHeaders, ...)

src/api/core/organizations.rs:890

  async fn put_collection_users(..., headers: ManagerHeaders, ...)

src/api/core/organizations.rs:747

rust async fn delete_organization_collection(..., headers: ManagerHeaders, ...)

Preconditions

  • The attacker is a Manager within the target organization.
  • The attacker has access to the target collection (assigned=true).
  • The attacker’s permission for that collection is manage=false.
  • A valid API access token has been obtained.

Steps to Reproduce

  1. Confirm that the attacker’s current permissions for the target collection include manage=false. image

  2. As a control test, verify that update operations fail for collections the attacker cannot access. image

  3. Confirm that update operations succeed for the target collection where manage=false. image

  4. Use PUT /collections/{col_id}/users to set manage=true, confirming that the attacker can escalate their own privileges. image

  5. Verify that deletion of the collection succeeds despite the Manager lacking management rights. image

Required Minimum Privileges

  • Organization Manager role (Owner/Admin privileges are not required)
  • Works even with access_all=false
  • Only access rights to the target collection are required (manage privilege is not required)

Attack Scenario

A restricted Manager (intended for read/use-only access) directly invokes the API to update collection settings, elevate their own privileges to manage=true, and even delete the collection.

This allows the user to bypass operational access restrictions and effectively gain administrator-equivalent control over the collection.

Potential Impact

  • Confidentiality: Expansion of access scope through unauthorized privilege escalation and configuration changes.
  • Integrity: Unauthorized modification of collection settings and assignments; potential disabling of access controls.
  • Availability: Deletion of collections may disrupt business operations.
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.35.3"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "vaultwarden"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.35.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-285",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-04T20:13:44Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## Summary\n\nTesting confirmed that even when a Manager has `manage=false` for a given collection, they can still perform the following management operations as long as they have access to the collection:\n\n* `PUT /api/organizations/\u003corg_id\u003e/collections/\u003ccol_id\u003e` succeeds (HTTP 200)\n* `PUT /api/organizations/\u003corg_id\u003e/collections/\u003ccol_id\u003e/users` succeeds (HTTP 200)\n* `DELETE /api/organizations/\u003corg_id\u003e/collections/\u003ccol_id\u003e` succeeds (HTTP 200)\n\n\n\n## Description\n\n* The Manager guard checks only whether the user **can access the collection**, not whether they have `manage` privileges. This check is directly applied to management endpoints.\nsrc/auth.rs:816\n  ```rust\n\n  if !Collection::can_access_collection(\u0026headers.membership, \u0026col_id, \u0026conn).await {\n      err_handler!(\"The current user isn\u0027t a manager for this collection\")\n  }\n  ```\n\n* The `can_access_collection` function does **not** evaluate the `manage` flag.\n  src/db/models/collection.rs:140\n\n  ```rust\n\n  pub async fn can_access_collection(member: \u0026Membership, col_id: \u0026CollectionId, conn: \u0026DbConn) -\u003e bool {\n      member.has_status(MembershipStatus::Confirmed)\n          \u0026\u0026 (member.has_full_access()\n              || CollectionUser::has_access_to_collection_by_user(col_id, \u0026member.user_uuid, conn).await\n              || ...\n  ```\n\n* A separate management-permission check exists and includes `manage` validation, but it is **not used** during authorization for the affected endpoints.\n  src/db/models/collection.rs:516\n\n  ```rust\n\n  pub async fn is_manageable_by_user(\u0026self, user_uuid: \u0026UserId, conn: \u0026DbConn) -\u003e bool {\n      let Some(member) = Membership::find_confirmed_by_user_and_org(user_uuid, \u0026self.org_uuid, conn).await else {\n          return false;\n      };\n      if member.has_full_access() {\n          return true;\n      }\n      ...\n  ```\n\n* The actual update and deletion endpoints only accept `ManagerHeaders` and do not perform additional `manage` checks.\n  src/api/core/organizations.rs:608\n\n```rust\n  async fn put_organization_collection_update(..., headers: ManagerHeaders, ...)\n```\n\n  src/api/core/organizations.rs:890\n\n```rust\n  async fn put_collection_users(..., headers: ManagerHeaders, ...)\n```\n  \n\nsrc/api/core/organizations.rs:747\n\n```rust\n  async fn delete_organization_collection(..., headers: ManagerHeaders, ...)\n  ```\n\n\n\n## Preconditions\n\n* The attacker is a **Manager** within the target organization.\n* The attacker has access to the target collection (`assigned=true`).\n* The attacker\u2019s permission for that collection is `manage=false`.\n* A valid API access token has been obtained.\n\n\n\n## Steps to Reproduce\n\n1. Confirm that the attacker\u2019s current permissions for the target collection include `manage=false`.\n\u003cimg width=\"2015\" height=\"636\" alt=\"image\" src=\"https://github.com/user-attachments/assets/58ddc733-e37c-4766-a980-b1ea1918ceb4\" /\u003e\n\n2. As a control test, verify that update operations fail for collections the attacker cannot access.\n\u003cimg width=\"2021\" height=\"852\" alt=\"image\" src=\"https://github.com/user-attachments/assets/d8699442-2dfc-4d73-8940-ec10f4a175f0\" /\u003e\n\n3. Confirm that update operations succeed for the target collection where `manage=false`.\n\u003cimg width=\"2013\" height=\"690\" alt=\"image\" src=\"https://github.com/user-attachments/assets/33d9845d-d18e-456c-a58c-e780911347a9\" /\u003e\n\n4. Use `PUT /collections/{col_id}/users` to set `manage=true`, confirming that the attacker can escalate their own privileges.\n\u003cimg width=\"2018\" height=\"488\" alt=\"image\" src=\"https://github.com/user-attachments/assets/da8c5246-cf2a-46c2-9a25-e99d907f852d\" /\u003e\n\n5. Verify that deletion of the collection succeeds despite the Manager lacking management rights.\n\u003cimg width=\"2018\" height=\"487\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a97c8fb2-4f97-4c2a-a90b-9d95dbde84fd\" /\u003e\n\n\n\n## Required Minimum Privileges\n\n* Organization Manager role (Owner/Admin privileges are not required)\n* Works even with `access_all=false`\n* Only access rights to the target collection are required (`manage` privilege is not required)\n\n\n\n## Attack Scenario\n\nA restricted Manager (intended for read/use-only access) directly invokes the API to update collection settings, elevate their own privileges to `manage=true`, and even delete the collection.\n\nThis allows the user to bypass operational access restrictions and effectively gain administrator-equivalent control over the collection.\n\n\n\n## Potential Impact\n\n* **Confidentiality:** Expansion of access scope through unauthorized privilege escalation and configuration changes.\n* **Integrity:** Unauthorized modification of collection settings and assignments; potential disabling of access controls.\n* **Availability:** Deletion of collections may disrupt business operations.",
  "id": "GHSA-h4hq-rgvh-wh27",
  "modified": "2026-03-04T20:13:44Z",
  "published": "2026-03-04T20:13:44Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-h4hq-rgvh-wh27"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dani-garcia/vaultwarden"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Vaultwarden\u0027s Collection Management Operations Allowed Without `manage` Verification for Manager Role"
}

GHSA-H4JC-QMGP-CJPV

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2023-08-02 00:30
VLAI
Details

Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40443, CVE-2021-40467.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40466"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-13T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40443, CVE-2021-40467.",
  "id": "GHSA-h4jc-qmgp-cjpv",
  "modified": "2023-08-02T00:30:36Z",
  "published": "2022-05-24T19:17:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40466"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40466"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H4M7-PG92-X2Q8

Vulnerability from github – Published: 2025-06-11 12:30 – Updated: 2025-06-11 15:30
VLAI
Details

A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected. This vulnerability affects Mozilla VPN 2.28.0 < (macOS).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5687"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-11T12:15:29Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root.\n*This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.28.0 \u003c (macOS).",
  "id": "GHSA-h4m7-pg92-x2q8",
  "modified": "2025-06-11T15:30:28Z",
  "published": "2025-06-11T12:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5687"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1953736"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-48"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H4RJ-C89H-XH23

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2023-08-02 00:30
VLAI
Details

Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40489, CVE-2021-41345.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40488"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-13T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40489, CVE-2021-41345.",
  "id": "GHSA-h4rj-c89h-xh23",
  "modified": "2023-08-02T00:30:37Z",
  "published": "2022-05-24T19:17:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40488"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40488"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1153"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H4WP-5C5Q-58QF

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50
VLAI
Details

When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-15321"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-31T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.",
  "id": "GHSA-h4wp-5c5q-58qf",
  "modified": "2022-05-13T01:50:07Z",
  "published": "2022-05-13T01:50:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15321"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K01067037"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H574-PQF7-GVPF

Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2022-05-13 01:52
VLAI
Details

An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5706"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-16T10:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn\u0027t have them, as demonstrated by use of the RoleEdit or TeamEdit permission.",
  "id": "GHSA-h574-pqf7-gvpf",
  "modified": "2022-05-13T01:52:54Z",
  "published": "2022-05-13T01:52:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5706"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OctopusDeploy/Issues/issues/4167"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H578-JRPJ-WC47

Vulnerability from github – Published: 2022-05-27 00:00 – Updated: 2022-06-09 00:00
VLAI
Details

An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-21827"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-26T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) \u003c21.9.1.2 what could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM.",
  "id": "GHSA-h578-jrpj-wc47",
  "modified": "2022-06-09T00:00:26Z",
  "published": "2022-05-27T00:00:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21827"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX341455"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H57P-XQPC-6HJ8

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-09-04 00:00
VLAI
Details

A CWE-269: Improper Privilege Management vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when an unprivileged user modifies a file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22716"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-13T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A CWE-269: Improper Privilege Management vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when an unprivileged user modifies a file.",
  "id": "GHSA-h57p-xqpc-6hj8",
  "modified": "2022-09-04T00:00:24Z",
  "published": "2022-05-24T17:47:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22716"
    },
    {
      "type": "WEB",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01"
    },
    {
      "type": "WEB",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-103-01_C-Bus_Toolkit_C-Gate_Server_Security_Notification.pdf"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-105-01"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-562"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H585-M23X-H5C2

Vulnerability from github – Published: 2022-01-12 00:00 – Updated: 2024-11-14 21:31
VLAI
Details

Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21882.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-21887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-11T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21882.",
  "id": "GHSA-h585-m23x-h5c2",
  "modified": "2024-11-14T21:31:48Z",
  "published": "2022-01-12T00:00:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21887"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21887"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21887"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.