CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5439 vulnerabilities reference this CWE, most recent first.
GHSA-JGXM-7VMW-79H7
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-08-16 00:00A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.
{
"affected": [],
"aliases": [
"CVE-2020-35517"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-28T20:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.",
"id": "GHSA-jgxm-7vmw-79h7",
"modified": "2022-08-16T00:00:44Z",
"published": "2022-05-24T17:40:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35517"
},
{
"type": "WEB",
"url": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2021:0639"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2021:0711"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2021:0743"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2020-35517"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210312-0002"
},
{
"type": "WEB",
"url": "https://virtio-fs.gitlab.io"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2021/01/22/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JH68-P5RF-GMH3
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2024-03-21 03:34** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
{
"affected": [],
"aliases": [
"CVE-2021-28250"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-26T08:15:00Z",
"severity": "HIGH"
},
"details": "** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
"id": "GHSA-jh68-p5rf-gmh3",
"modified": "2024-03-21T03:34:03Z",
"published": "2022-05-24T17:45:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28250"
},
{
"type": "WEB",
"url": "https://n4nj0.github.io/advisories/ca-ehealth-performance-manager"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JH79-4MGV-7X78
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2023-08-02 00:30Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31168, CVE-2021-31208.
{
"affected": [],
"aliases": [
"CVE-2021-31169"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-11T19:15:00Z",
"severity": "HIGH"
},
"details": "Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31168, CVE-2021-31208.",
"id": "GHSA-jh79-4mgv-7x78",
"modified": "2023-08-02T00:30:31Z",
"published": "2022-05-24T19:02:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31169"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31169"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/162557/Windows-Container-Manager-Service-Arbitrary-Object-Directory-Creation-Privilege-Escalation.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JH7P-456P-4Q3C
Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307.
{
"affected": [],
"aliases": [
"CVE-2020-1316"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-09T20:15:00Z",
"severity": "HIGH"
},
"details": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka \u0027Windows Kernel Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307.",
"id": "GHSA-jh7p-456p-4q3c",
"modified": "2022-05-24T17:20:00Z",
"published": "2022-05-24T17:20:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1316"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1316"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JHCX-MX78-228G
Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-06 00:01In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200163477
{
"affected": [],
"aliases": [
"CVE-2021-39784"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-30T16:15:00Z",
"severity": "HIGH"
},
"details": "In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200163477",
"id": "GHSA-jhcx-mx78-228g",
"modified": "2022-04-06T00:01:51Z",
"published": "2022-03-31T00:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39784"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-12l"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JHG6-6QRX-38MR
Vulnerability from github – Published: 2024-09-18 17:42 – Updated: 2024-11-18 16:27Background
Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected
For example, given this schema:
definition user {}
caveat somecaveat(somefield int) {
somefield == 42
}
definition group {
relation member: user
}
definition resource {
relation viewer: group#member with somecaveat
permission view = folder->view
}
If the resource has multiple groups, and each group is caveated, it is possible for the returned permission to be "no permission" when permission is expected.
Impact
Permission is returned as NO_PERMISSION when PERMISSION is expected on the CheckPermission API.
Workarounds
Do not use caveats or do not use caveats on an indirect subject type with multiple entries
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/authzed/spicedb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.35.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-46989"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-285"
],
"github_reviewed": true,
"github_reviewed_at": "2024-09-18T17:42:46Z",
"nvd_published_at": "2024-09-18T18:15:07Z",
"severity": "MODERATE"
},
"details": "## Background\n\nMultiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected\n\nFor example, given this schema:\n\n```\ndefinition user {}\n\ncaveat somecaveat(somefield int) {\n somefield == 42\n}\n\ndefinition group {\n relation member: user\n}\n\ndefinition resource {\n relation viewer: group#member with somecaveat\n permission view = folder-\u003eview\n}\n```\n\nIf the resource has multiple groups, and each group is caveated, it is possible for the returned permission to be \"no permission\" when permission is expected.\n\n## Impact\nPermission is returned as NO_PERMISSION when PERMISSION is expected on the CheckPermission API.\n\n## Workarounds\nDo not use caveats or do not use caveats on an indirect subject type with multiple entries",
"id": "GHSA-jhg6-6qrx-38mr",
"modified": "2024-11-18T16:27:14Z",
"published": "2024-09-18T17:42:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/authzed/spicedb/security/advisories/GHSA-jhg6-6qrx-38mr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46989"
},
{
"type": "WEB",
"url": "https://github.com/authzed/spicedb/commit/20855de75812bcbc975efebe7f76abf47c0f3edb"
},
{
"type": "WEB",
"url": "https://github.com/authzed/spicedb/commit/d4ef8e1dbce1eafaf25847f4c0f09738820f5bf2"
},
{
"type": "PACKAGE",
"url": "https://github.com/authzed/spicedb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "SpiceDB having multiple caveats on resources of the same type may improperly result in no permission"
}
GHSA-JHH2-R24W-JGWM
Vulnerability from github – Published: 2024-07-02 09:32 – Updated: 2024-07-02 09:32Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.
{
"affected": [],
"aliases": [
"CVE-2024-37133"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-02T08:15:05Z",
"severity": "MODERATE"
},
"details": "Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.",
"id": "GHSA-jhh2-r24w-jgwm",
"modified": "2024-07-02T09:32:06Z",
"published": "2024-07-02T09:32:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37133"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000226569/dsa-2024-255-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JHJV-8QFC-CGJ4
Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes.
{
"affected": [],
"aliases": [
"CVE-2017-7922"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-21T19:29:00Z",
"severity": "HIGH"
},
"details": "An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes.",
"id": "GHSA-jhjv-8qfc-cgj4",
"modified": "2022-05-13T01:36:14Z",
"published": "2022-05-13T01:36:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7922"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99083"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-JHRJ-5WFP-8CW5
Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.
{
"affected": [],
"aliases": [
"CVE-2021-1787"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-02T18:15:00Z",
"severity": "HIGH"
},
"details": "Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.",
"id": "GHSA-jhrj-5wfp-8cw5",
"modified": "2022-05-24T17:46:21Z",
"published": "2022-05-24T17:46:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1787"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212146"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212147"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212148"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212149"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JHRW-H349-FV5W
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02Windows WalletService Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2021-31187"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-11T19:15:00Z",
"severity": "HIGH"
},
"details": "Windows WalletService Elevation of Privilege Vulnerability",
"id": "GHSA-jhrw-h349-fv5w",
"modified": "2022-05-24T19:02:00Z",
"published": "2022-05-24T19:02:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31187"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31187"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-571"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.