CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5443 vulnerabilities reference this CWE, most recent first.
GHSA-J4P8-H8MH-RH8Q
Vulnerability from github – Published: 2025-12-26 18:26 – Updated: 2025-12-31 00:20Impact
In self-hosted n8n instances where the Code node runs in legacy (non-task-runner) JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node.
This allows a workflow editor to perform actions on the n8n host with the same privileges as the n8n process, including:
- Reading files from the host filesystem (subject to any file-access restrictions configured on the instance and OS/container permissions)
- Writing files to the host filesystem (subject to the same restrictions)
Starting with n8n version 1.2.1, access to files in the n8n home directory (.n8n) is blocked by default. However, this does not restrict access to other parts of the filesystem unless additional file access limitations are configured.
Patches
- Upgrade to n8n version 2.0.0 or later, where task runners are enabled by default for Code node execution.
- On n8n version 1.71.0 and above, enable task runners by setting
N8N_RUNNERS_ENABLED=true.
Workarounds
If you cannot immediately migrate to task runners:
- Limit file operations by setting
N8N_RESTRICT_FILE_ACCESS_TOto a dedicated directory (e.g.,~/.n8n-files) and ensure it contains no sensitive data. - Keep
N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES=true(default) to block access to.n8nand user-defined config files. - If workflow editors are not fully trusted, consider disabling high-risk nodes (including the Code node) using
NODES_EXCLUDE.
Resources
- n8n Docs: Task runners
- n8n Docs: Task runner environment variables
- n8n Docs: Security environment variables
- n8n Docs: v2.0 breaking changes
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "n8n"
},
"ranges": [
{
"events": [
{
"introduced": "1.2.1"
},
{
"fixed": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-68697"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-749"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-26T18:26:38Z",
"nvd_published_at": "2025-12-26T22:15:52Z",
"severity": "HIGH"
},
"details": "### Impact\n\nIn self-hosted n8n instances where the Code node runs in legacy (non-task-runner) JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node.\n\nThis allows a workflow editor to perform actions on the n8n host with the same privileges as the n8n process, including:\n\n- Reading files from the host filesystem (subject to any file-access restrictions configured on the instance and OS/container permissions)\n- Writing files to the host filesystem (subject to the same restrictions)\n\nStarting with n8n version 1.2.1, access to files in the n8n home directory (`.n8n`) is blocked by default. However, this does not restrict access to other parts of the filesystem unless additional file access limitations are configured.\n\n### Patches\n\n- Upgrade to **n8n version 2.0.0 or later**, where task runners are enabled by default for Code node execution.\n- On **n8n version 1.71.0 and above**, enable task runners by setting `N8N_RUNNERS_ENABLED=true`.\n\n### Workarounds\n\nIf you cannot immediately migrate to task runners:\n\n- Limit file operations by setting `N8N_RESTRICT_FILE_ACCESS_TO` to a dedicated directory (e.g., `~/.n8n-files`) and ensure it contains no sensitive data.\n- Keep `N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES=true` (default) to block access to `.n8n` and user-defined config files.\n- If workflow editors are not fully trusted, consider disabling high-risk nodes (including the Code node) using `NODES_EXCLUDE`.\n\n### Resources\n\n- n8n Docs: [Task runners](https://docs.n8n.io/hosting/configuration/task-runners/)\n- n8n Docs: [Task runner environment variables](https://docs.n8n.io/hosting/configuration/environment-variables/task-runners/)\n- n8n Docs: [Security environment variables](https://docs.n8n.io/hosting/configuration/environment-variables/security/#security-environment-variables)\n- n8n Docs: [v2.0 breaking changes](https://docs.n8n.io/2-0-breaking-changes/#enable-task-runners-by-default)",
"id": "GHSA-j4p8-h8mh-rh8q",
"modified": "2025-12-31T00:20:06Z",
"published": "2025-12-26T18:26:38Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-j4p8-h8mh-rh8q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68697"
},
{
"type": "PACKAGE",
"url": "https://github.com/n8n-io/n8n"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Self-hosted n8n has Legacy Code node that enables arbitrary file read/write"
}
GHSA-J53Q-VVGG-C52C
Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2020-0899"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-15T15:15:00Z",
"severity": "LOW"
},
"details": "An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka \u0027Microsoft Visual Studio Elevation of Privilege Vulnerability\u0027.",
"id": "GHSA-j53q-vvgg-c52c",
"modified": "2022-05-24T17:14:26Z",
"published": "2022-05-24T17:14:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0899"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-J557-6R6G-GM35
Vulnerability from github – Published: 2024-08-20 15:32 – Updated: 2024-08-20 21:30Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges.
{
"affected": [],
"aliases": [
"CVE-2024-33872"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-20T14:15:08Z",
"severity": "CRITICAL"
},
"details": "Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges.",
"id": "GHSA-j557-6r6g-gm35",
"modified": "2024-08-20T21:30:34Z",
"published": "2024-08-20T15:32:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33872"
},
{
"type": "WEB",
"url": "https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226\u0026source=click"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J55Q-G28W-Q6MV
Vulnerability from github – Published: 2025-05-08 21:32 – Updated: 2025-05-08 21:32On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.
{
"affected": [],
"aliases": [
"CVE-2024-8100"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-08T19:16:01Z",
"severity": "HIGH"
},
"details": "On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.",
"id": "GHSA-j55q-g28w-q6mv",
"modified": "2025-05-08T21:32:56Z",
"published": "2025-05-08T21:32:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8100"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21316-security-advisory-0116"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J55X-W58Q-G339
Vulnerability from github – Published: 2025-05-22 21:30 – Updated: 2025-05-23 18:32An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component
{
"affected": [],
"aliases": [
"CVE-2024-40462"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-22T19:15:41Z",
"severity": "HIGH"
},
"details": "An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component",
"id": "GHSA-j55x-w58q-g339",
"modified": "2025-05-23T18:32:03Z",
"published": "2025-05-22T21:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40462"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1MDU9FGo36U83yQy55nnVj1syWVy9WLm5/view?usp=drive_link"
},
{
"type": "WEB",
"url": "https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J57H-2GC3-WW5W
Vulnerability from github – Published: 2024-07-26 18:30 – Updated: 2024-08-01 15:32An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins.
{
"affected": [],
"aliases": [
"CVE-2024-27357"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-26T17:15:11Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins.",
"id": "GHSA-j57h-2gc3-ww5w",
"modified": "2024-08-01T15:32:12Z",
"published": "2024-07-26T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27357"
},
{
"type": "WEB",
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2024-27357"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J57W-3C39-GPP5
Vulnerability from github – Published: 2022-02-17 00:00 – Updated: 2022-02-25 15:23An unprivileged user of Snipe-IT prior to version 5.3.11 can create maintenance for an asset. Version 5.3.11 contains a patch for this issue.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "snipe/snipe-it"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.3.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-0611"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2022-02-25T15:23:16Z",
"nvd_published_at": "2022-02-16T00:15:00Z",
"severity": "HIGH"
},
"details": "An unprivileged user of Snipe-IT prior to version 5.3.11 can create maintenance for an asset. Version 5.3.11 contains a patch for this issue.",
"id": "GHSA-j57w-3c39-gpp5",
"modified": "2022-02-25T15:23:16Z",
"published": "2022-02-17T00:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0611"
},
{
"type": "WEB",
"url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
},
{
"type": "PACKAGE",
"url": "https://github.com/snipe/snipe-it"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Privilege Management in Snipe-IT"
}
GHSA-J5C2-HM46-WP5C
Vulnerability from github – Published: 2021-07-22 19:43 – Updated: 2021-09-03 20:23Impact
An error in the implementation of the limits service in 4.0.0 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability.
Ghost(Pro) has already been patched. Self-hosters are impacted if running Ghost a version between 4.0.0 and 4.9.4. Immediate action should be taken to secure your site - see patches & workarounds below.
It is highly recommended to regenerate all API keys after patching or applying the workaround below.
Patches
Fixed in 4.10.0, all 4.x sites should upgrade as soon as possible.
Workarounds
- Disable all non-Administrator accounts to prevent API access.
For more information
If you have any questions or comments about this advisory: * email us at security@ghost.org
Credits: Aden Yap Chuen Zhen, BAE Systems Applied Intelligence (Malaysia)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "ghost"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.10.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-39192"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-269"
],
"github_reviewed": true,
"github_reviewed_at": "2021-07-20T17:44:30Z",
"nvd_published_at": "2021-09-03T15:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nAn error in the implementation of the limits service in 4.0.0 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability.\n\nGhost(Pro) has already been patched. Self-hosters are impacted if running Ghost a version between 4.0.0 and 4.9.4. Immediate action should be taken to secure your site - see patches \u0026 workarounds below.\n\nIt is highly recommended to regenerate all API keys after patching or applying the workaround below.\n\n### Patches\nFixed in 4.10.0, all 4.x sites should upgrade as soon as possible.\n\n### Workarounds\n- Disable all non-Administrator accounts to prevent API access.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* email us at security@ghost.org\n\n---\nCredits: Aden Yap Chuen Zhen, BAE Systems Applied Intelligence (Malaysia)",
"id": "GHSA-j5c2-hm46-wp5c",
"modified": "2021-09-03T20:23:05Z",
"published": "2021-07-22T19:43:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-j5c2-hm46-wp5c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39192"
},
{
"type": "PACKAGE",
"url": "https://github.com/TryGhost/Ghost"
},
{
"type": "WEB",
"url": "https://github.com/TryGhost/Ghost/releases/tag/v4.10.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Privilege escalation: all users can access Admin-level API keys"
}
GHSA-J5G9-J7R4-6QVX
Vulnerability from github – Published: 2024-01-03 21:50 – Updated: 2024-01-03 21:50Impact
This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft with certain user permissions setups.
Patches
This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
References
https://github.com/craftcms/cms/pull/13932 https://github.com/craftcms/cms/pull/13931 https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16 https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.5.10"
},
"package": {
"ecosystem": "Packagist",
"name": "craftcms/cms"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0-RC1"
},
{
"fixed": "4.5.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.9.5"
},
"package": {
"ecosystem": "Packagist",
"name": "craftcms/cms"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.9.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-21622"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-03T21:50:26Z",
"nvd_published_at": "2024-01-03T17:15:12Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nThis is a potential moderate impact, low complexity privilege escalation vulnerability in Craft with certain user permissions setups.\n\n### Patches\n\nThis has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.\n\n### References\n\nhttps://github.com/craftcms/cms/pull/13932\nhttps://github.com/craftcms/cms/pull/13931\nhttps://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16\nhttps://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16",
"id": "GHSA-j5g9-j7r4-6qvx",
"modified": "2024-01-03T21:50:26Z",
"published": "2024-01-03T21:50:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21622"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/pull/13931"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/pull/13932"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843"
},
{
"type": "PACKAGE",
"url": "https://github.com/craftcms/cms"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Craft CMS Privilege Escalation"
}
GHSA-J5P2-95X6-9MR4
Vulnerability from github – Published: 2024-12-31 00:32 – Updated: 2024-12-31 00:32An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem.
This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0.
{
"affected": [],
"aliases": [
"CVE-2024-13058"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-30T22:15:05Z",
"severity": "MODERATE"
},
"details": "An issue exists in SoftIron HyperCloud\n where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem.\n\nThis issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0.",
"id": "GHSA-j5p2-95x6-9mr4",
"modified": "2024-12-31T00:32:47Z",
"published": "2024-12-31T00:32:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13058"
},
{
"type": "WEB",
"url": "https://advisories.softiron.cloud"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Green",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.