CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5436 vulnerabilities reference this CWE, most recent first.
GHSA-MXGH-5JC3-JF47
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2023-01-12 18:30FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege.
{
"affected": [],
"aliases": [
"CVE-2019-17202"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-23T15:15:00Z",
"severity": "HIGH"
},
"details": "FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge\u0027s response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege.",
"id": "GHSA-mxgh-5jc3-jf47",
"modified": "2023-01-12T18:30:29Z",
"published": "2022-05-24T17:07:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17202"
},
{
"type": "WEB",
"url": "https://improsec.com/en/responsible-disclosure"
},
{
"type": "WEB",
"url": "https://www.adminbyrequest.com/en/releasenotes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXGR-M298-W3C9
Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-12450"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-17T13:20:00Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-mxgr-m298-w3c9",
"modified": "2026-06-17T18:35:46Z",
"published": "2026-06-17T18:35:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12450"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/514531776"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MXH4-P4W6-G844
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2026-07-14 12:31sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
{
"affected": [],
"aliases": [
"CVE-2021-41617"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-26T19:15:00Z",
"severity": "HIGH"
},
"details": "sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.",
"id": "GHSA-mxh4-p4w6-g844",
"modified": "2026-07-14T12:31:05Z",
"published": "2022-05-24T19:15:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41617"
},
{
"type": "WEB",
"url": "https://www.tenable.com/plugins/nessus/154174"
},
{
"type": "WEB",
"url": "https://www.starwindsoftware.com/security/sw-20220805-0001"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2021/09/26/1"
},
{
"type": "WEB",
"url": "https://www.openssh.com/txt/release-8.8"
},
{
"type": "WEB",
"url": "https://www.openssh.com/security.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211014-0004"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1190975"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXM4-F7VP-H4Q7
Vulnerability from github – Published: 2025-07-23 15:31 – Updated: 2025-07-23 15:31A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to invoke the InstallPackage method without password authentication. By default, the first user created on Deepin is in the sudo group. An attacker with shell access can craft a .deb package containing a malicious post-install script and use dbus-send to install it via lastore-daemon, resulting in arbitrary code execution as root.
{
"affected": [],
"aliases": [
"CVE-2016-15045"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-23T14:15:31Z",
"severity": "HIGH"
},
"details": "A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to invoke the InstallPackage method without password authentication. By default, the first user created on Deepin is in the sudo group. An attacker with shell access can craft a .deb package containing a malicious post-install script and use dbus-send to install it via lastore-daemon, resulting in arbitrary code execution as root.",
"id": "GHSA-mxm4-f7vp-h4q7",
"modified": "2025-07-23T15:31:13Z",
"published": "2025-07-23T15:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-15045"
},
{
"type": "WEB",
"url": "https://github.com/linuxdeepin/lastore-daemon"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/lastore_daemon_dbus_priv_esc.rb"
},
{
"type": "WEB",
"url": "https://www.deepin.org/en/mirrors/releases"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/39433"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44523"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/deepin-lastore-daemon-priv-esc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MXM6-XWQW-P92F
Vulnerability from github – Published: 2026-04-11 03:30 – Updated: 2026-04-11 03:30The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper authorization checks. The groupblog-blogid parameter allows any group admin (including Subscribers who create their own group) to associate their group with any blog on the Multisite network, including the main site (blog ID 1). The default-member parameter accepts any WordPress role, including administrator, without validation against a whitelist. When combined with groupblog-silent-add, any user who joins the attacker's group is automatically added to the targeted blog with the injected role. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate any user (including themselves via a second account) to Administrator on the main site of the Multisite network.
{
"affected": [],
"aliases": [
"CVE-2026-5144"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-11T02:16:02Z",
"severity": "HIGH"
},
"details": "The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblog-blogid`, `default-member`, and `groupblog-silent-add` parameters from user input without proper authorization checks. The `groupblog-blogid` parameter allows any group admin (including Subscribers who create their own group) to associate their group with any blog on the Multisite network, including the main site (blog ID 1). The `default-member` parameter accepts any WordPress role, including `administrator`, without validation against a whitelist. When combined with `groupblog-silent-add`, any user who joins the attacker\u0027s group is automatically added to the targeted blog with the injected role. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate any user (including themselves via a second account) to Administrator on the main site of the Multisite network.",
"id": "GHSA-mxm6-xwqw-p92f",
"modified": "2026-04-11T03:30:30Z",
"published": "2026-04-11T03:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5144"
},
{
"type": "WEB",
"url": "https://github.com/boonebgorges/bp-groupblog/commit/b824593add9e2c53ef4f0d2e0824d4de0785411f"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/bp-groupblog/tags/1.9.3/bp-groupblog.php#L190"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/bp-groupblog/tags/1.9.3/bp-groupblog.php#L220"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/bp-groupblog/tags/1.9.3/bp-groupblog.php#L450"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/bp-groupblog/trunk/bp-groupblog.php#L190"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/bp-groupblog/trunk/bp-groupblog.php#L220"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/bp-groupblog/trunk/bp-groupblog.php#L450"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8129046a-5aa5-4644-babc-0eca9aa524d2?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXV4-G2W3-Q67W
Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2022-05-24 17:21Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.
{
"affected": [],
"aliases": [
"CVE-2020-9592"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-25T22:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.",
"id": "GHSA-mxv4-g2w3-q67w",
"modified": "2022-05-24T17:21:50Z",
"published": "2022-05-24T17:21:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9592"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb20-24.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MXXC-9R58-2XRQ
Vulnerability from github – Published: 2024-10-10 09:30 – Updated: 2024-10-10 09:30Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.
{
"affected": [],
"aliases": [
"CVE-2024-22068"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-521"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-10T09:15:03Z",
"severity": "MODERATE"
},
"details": "Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.",
"id": "GHSA-mxxc-9r58-2xrq",
"modified": "2024-10-10T09:30:35Z",
"published": "2024-10-10T09:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22068"
},
{
"type": "WEB",
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5359853646778130472"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P222-VPCP-XW36
Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2022-05-24 17:33A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient security controls on the CLI. An attacker could exploit this vulnerability by using an affected CLI utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges.
{
"affected": [],
"aliases": [
"CVE-2020-3600"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-06T19:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient security controls on the CLI. An attacker could exploit this vulnerability by using an affected CLI utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges.",
"id": "GHSA-p222-vpcp-xw36",
"modified": "2022-05-24T17:33:22Z",
"published": "2022-05-24T17:33:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3600"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepeshlg-tJghOQcA"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-P249-VR5G-FF3H
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-05-24 17:26The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism.
{
"affected": [],
"aliases": [
"CVE-2020-24574"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-798"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-21T04:15:00Z",
"severity": "MODERATE"
},
"details": "The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based \"trusted client\" protection mechanism.",
"id": "GHSA-p249-vr5g-ff3h",
"modified": "2022-05-24T17:26:20Z",
"published": "2022-05-24T17:26:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24574"
},
{
"type": "WEB",
"url": "https://github.com/jtesta/gog_galaxy_client_service_poc/issues/1#issuecomment-926932218"
},
{
"type": "WEB",
"url": "https://github.com/jtesta/gog_galaxy_client_service_poc"
},
{
"type": "WEB",
"url": "https://www.gog.com/galaxy"
},
{
"type": "WEB",
"url": "https://www.positronsecurity.com/blog/2020-08-13-gog-galaxy_client-local-privilege-escalation_deuce"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P24F-9HFJ-FG7M
Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2024-01-01 00:30An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka 'Microsoft COM for Windows Elevation of Privilege Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2020-1507"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-11T17:15:00Z",
"severity": "HIGH"
},
"details": "An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka \u0027Microsoft COM for Windows Elevation of Privilege Vulnerability\u0027.",
"id": "GHSA-p24f-9hfj-fg7m",
"modified": "2024-01-01T00:30:42Z",
"published": "2022-05-24T17:28:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1507"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1507"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.