Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5433 vulnerabilities reference this CWE, most recent first.

GHSA-MHGQ-RP37-738W

Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2023-03-04 03:30
VLAI
Details

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-3735"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-20T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.",
  "id": "GHSA-mhgq-rp37-738w",
  "modified": "2023-03-04T03:30:20Z",
  "published": "2022-05-24T16:48:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3735"
    },
    {
      "type": "WEB",
      "url": "http://www.dell.com/support/article/sln317453"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MHGQ-XPFQ-6R66

Vulnerability from github – Published: 2026-04-02 20:46 – Updated: 2026-05-06 02:38
VLAI
Summary
OpenClaw: Unauthenticated plugin-auth HTTP routes receive operator runtime scopes
Details

Summary

Unauthenticated plugin-auth HTTP routes receive operator runtime scopes

Current Maintainer Triage

  • Status: narrow
  • Normalized severity: medium
  • Assessment: v2026.3.28 still gives auth:"plugin" routes operator WRITE_SCOPE, but impact should stay limited to plugin routes that actually touch privileged runtime actions before plugin auth completes.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published npm version: 2026.3.31
  • Vulnerable version range: <=2026.3.28
  • Patched versions: >= 2026.3.31
  • First stable tag containing the fix: v2026.3.31

Fix Commit(s)

  • 2a1db0c0f1fa375004a95ba0ef030534790a6d47 — 2026-04-01T00:20:49+09:00

OpenClaw thanks @davidluzsilva for reporting.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.3.28"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.3.31"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41394"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-02T20:46:03Z",
    "nvd_published_at": "2026-04-28T19:37:42Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\nUnauthenticated plugin-auth HTTP routes receive operator runtime scopes\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: v2026.3.28 still gives auth:\"plugin\" routes operator WRITE_SCOPE, but impact should stay limited to plugin routes that actually touch privileged runtime actions before plugin auth completes.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `\u003c=2026.3.28`\n- Patched versions: `\u003e= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `2a1db0c0f1fa375004a95ba0ef030534790a6d47` \u2014 2026-04-01T00:20:49+09:00\n\nOpenClaw thanks @davidluzsilva for reporting.",
  "id": "GHSA-mhgq-xpfq-6r66",
  "modified": "2026-05-06T02:38:51Z",
  "published": "2026-04-02T20:46:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mhgq-xpfq-6r66"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41394"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/2a1db0c0f1fa375004a95ba0ef030534790a6d47"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-operator-scope-access-in-unauthenticated-plugin-auth-routes"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Unauthenticated plugin-auth HTTP routes receive operator runtime scopes"
}

GHSA-MHM5-5WF9-WH5M

Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2024-04-04 01:57
VLAI
Details

The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-10968"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-16T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax-\u003esave() privilege escalation.",
  "id": "GHSA-mhm5-5wf9-wh5m",
  "modified": "2024-04-04T01:57:20Z",
  "published": "2022-05-24T16:56:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10968"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/peepso-core/#developers"
    },
    {
      "type": "WEB",
      "url": "http://www.pritect.net/blog/peepso-1-6-0-logged-user-privilege-escalation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MHMR-259V-FCWQ

Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31
VLAI
Details

A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-24630"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-19T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).",
  "id": "GHSA-mhmr-259v-fcwq",
  "modified": "2022-05-24T17:31:13Z",
  "published": "2022-05-24T17:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24630"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04036en_us"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MHP5-2JM9-QW86

Vulnerability from github – Published: 2022-05-25 00:00 – Updated: 2022-06-09 00:00
VLAI
Details

A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-125001"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-24T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended.",
  "id": "GHSA-mhp5-2jm9-qw86",
  "modified": "2022-06-09T00:00:26Z",
  "published": "2022-05-25T00:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-125001"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.13428"
    },
    {
      "type": "WEB",
      "url": "http://www.remote-exploit.org/archives/2014/06/03/ride_with_the_devil"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MHQ3-2C6R-3JXR

Vulnerability from github – Published: 2022-01-15 00:01 – Updated: 2022-07-13 00:01
VLAI
Details

In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695347

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-14T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695347",
  "id": "GHSA-mhq3-2c6r-3jxr",
  "modified": "2022-07-13T00:01:37Z",
  "published": "2022-01-15T00:01:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39625"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2022-01-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MHRG-W4RH-8C7F

Vulnerability from github – Published: 2021-12-28 00:00 – Updated: 2023-08-08 15:31
VLAI
Details

Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-45896"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-27T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.",
  "id": "GHSA-mhrg-w4rh-8c7f",
  "modified": "2023-08-08T15:31:28Z",
  "published": "2021-12-28T00:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45896"
    },
    {
      "type": "WEB",
      "url": "https://eddiez.me/hacking-the-nokia-fastmile"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/thedroidgeek/80c379aa43b71015d71da130f85a435a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MHVW-HX74-5RHJ

Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35
VLAI
Details

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Deployment Package). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-35272"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-17T10:40:19Z",
    "severity": "HIGH"
  },
  "details": "Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Deployment Package).  Supported versions that are affected are 8.61 and  8.62. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools.  Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
  "id": "GHSA-mhvw-hx74-5rhj",
  "modified": "2026-06-17T18:35:22Z",
  "published": "2026-06-17T18:35:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35272"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cspujun2026.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MJ2P-JQH8-C5VW

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2024-01-04 03:30
VLAI
Details

An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1490"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-17T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka \u0027Windows Storage Service Elevation of Privilege Vulnerability\u0027.",
  "id": "GHSA-mj2p-jqh8-c5vw",
  "modified": "2024-01-04T03:30:33Z",
  "published": "2022-05-24T17:25:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1490"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1490"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MJ35-HQJ3-2V6G

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45
VLAI
Details

Local privilege escalation vulnerability in Windows clients of Netop Vision Pro up to and including 9.7.1 allows a local user to gain administrator privileges whilst using the clients.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27192"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-25T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Local privilege escalation vulnerability in Windows clients of Netop Vision Pro up to and including 9.7.1 allows a local user to gain administrator privileges whilst using the clients.",
  "id": "GHSA-mj35-hqj3-2v6g",
  "modified": "2022-05-24T17:45:25Z",
  "published": "2022-05-24T17:45:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27192"
    },
    {
      "type": "WEB",
      "url": "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/netop-vision-pro-distance-learning-software-is-20-20-in-hindsight"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.