Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5439 vulnerabilities reference this CWE, most recent first.

GHSA-P88J-JQX4-PP79

Vulnerability from github – Published: 2023-03-27 18:30 – Updated: 2023-04-03 18:32
VLAI
Details

The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before 1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, wp-membership WordPress plugin before 1.5.7, sold by the same developer (e-plugins), do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function iv_directories_update_profile_setting() uses update_user_meta with any data provided by the ajax call, which can be used to give the logged in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register) it makes any site using it vulnerable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36666"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-27T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before 1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, wp-membership WordPress plugin before 1.5.7, sold by the same developer (e-plugins), do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function iv_directories_update_profile_setting() uses update_user_meta with any data provided by the ajax call, which can be used to give the logged in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register) it makes any site using it vulnerable.",
  "id": "GHSA-p88j-jqx4-pp79",
  "modified": "2023-04-03T18:32:10Z",
  "published": "2023-03-27T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36666"
    },
    {
      "type": "WEB",
      "url": "https://codecanyon.net/user/e-plugins"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/d079cb16-ead5-4bc8-b0b8-4a4dc2a54c96"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P8G6-5MG7-9R5Q

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2024-04-23 22:32
VLAI
Summary
Drupal REST API can bypass comment approval
Details

In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0"
            },
            {
              "fixed": "8.3.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/drupal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0"
            },
            {
              "fixed": "8.3.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-6924"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-23T22:32:43Z",
    "nvd_published_at": "2019-01-15T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments.",
  "id": "GHSA-p8g6-5mg7-9r5q",
  "modified": "2024-04-23T22:32:43Z",
  "published": "2022-05-13T01:36:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6924"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6924.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6924.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/drupal/core"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/SA-CORE-2017-004"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100368"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039200"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Drupal REST API can bypass comment approval"
}

GHSA-P8GR-7QCG-86P9

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2025-10-22 00:32
VLAI
Details

Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38649.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38648"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-15T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38649.",
  "id": "GHSA-p8gr-7qcg-86p9",
  "modified": "2025-10-22T00:32:19Z",
  "published": "2022-05-24T19:14:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38648"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38648"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38648"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/164925/Microsoft-OMI-Management-Interface-Authentication-Bypass.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P8H7-62G7-C54H

Vulnerability from github – Published: 2022-08-10 00:00 – Updated: 2022-08-10 00:00
VLAI
Details

Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35763, CVE-2022-35764, CVE-2022-35765, CVE-2022-35792.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-35762"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-09T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35763, CVE-2022-35764, CVE-2022-35765, CVE-2022-35792.",
  "id": "GHSA-p8h7-62g7-c54h",
  "modified": "2022-08-10T00:00:18Z",
  "published": "2022-08-10T00:00:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35762"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35762"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35762"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P8J9-XG3X-HPH5

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2022-05-24 17:00
VLAI
Details

Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-0139"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-14T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access.",
  "id": "GHSA-p8j9-xg3x-hph5",
  "modified": "2022-05-24T17:00:53Z",
  "published": "2022-05-24T17:00:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0139"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K08441753?utm_source=f5support\u0026amp;utm_medium=RSS"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-P8JH-4P5P-2RFP

Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-07-01 19:45
VLAI
Summary
Jenkins Job Import Plugin does not perform a permission check in an HTTP endpoint
Details

Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.

An enumeration of credentials IDs in Job Import Plugin 143.145.v48f9a_a_6ff384 requires Job Import/Import Jobs permission.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:job-import-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "143.145.v48f9a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-48926"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-01T19:45:17Z",
    "nvd_published_at": "2026-05-27T15:16:32Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint.\n\nThis allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.\n\nAn enumeration of credentials IDs in Job Import Plugin 143.145.v48f9a_a_6ff384 requires Job Import/Import Jobs permission.",
  "id": "GHSA-p8jh-4p5p-2rfp",
  "modified": "2026-07-01T19:45:17Z",
  "published": "2026-05-27T15:33:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48926"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/job-import-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3783"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins Job Import Plugin does not perform a permission check in an HTTP endpoint"
}

GHSA-P8RM-72HP-945C

Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2022-05-24 17:06
VLAI
Details

Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-5180"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-14T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.)",
  "id": "GHSA-p8rm-72hp-945c",
  "modified": "2022-05-24T17:06:10Z",
  "published": "2022-05-24T17:06:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5180"
    },
    {
      "type": "WEB",
      "url": "https://www.sparklabs.com/blog"
    },
    {
      "type": "WEB",
      "url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-P8X8-WGF2-JRJM

Vulnerability from github – Published: 2026-04-16 00:54 – Updated: 2026-04-16 00:54
VLAI
Details

The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied Base64-encoded user ID in the token parameter to identify users, leaking valid authentication tokens through the 'barcodeScannerConfigs' action, and lacking meta-key restrictions on the 'setUserMeta' action. This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator by first spoofing the admin user ID to leak their authentication token, then using that token to update any user's 'wp_capabilities' meta to gain full administrative access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-4880"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-16T00:16:29Z",
    "severity": "CRITICAL"
  },
  "details": "The Barcode Scanner (+Mobile App) \u2013 Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied Base64-encoded user ID in the token parameter to identify users, leaking valid authentication tokens through the \u0027barcodeScannerConfigs\u0027 action, and lacking meta-key restrictions on the \u0027setUserMeta\u0027 action. This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator by first spoofing the admin user ID to leak their authentication token, then using that token to update any user\u0027s \u0027wp_capabilities\u0027 meta to gain full administrative access.",
  "id": "GHSA-p8x8-wgf2-jrjm",
  "modified": "2026-04-16T00:54:04Z",
  "published": "2026-04-16T00:54:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4880"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/trunk/src/Core.php?rev=3391688#L498"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3506824/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders#file30"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a213e844-a0d3-4123-9f72-caef7702804c?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P93P-WV67-G7HR

Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2024-01-01 00:30
VLAI
Details

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1245"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-11T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027.",
  "id": "GHSA-p93p-wv67-g7hr",
  "modified": "2024-01-01T00:30:41Z",
  "published": "2022-05-24T17:28:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1245"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1245"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P95J-356C-HGX2

Vulnerability from github – Published: 2023-09-11 21:30 – Updated: 2024-04-04 07:36
VLAI
Details

In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-35667"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-11T21:15:41Z",
    "severity": "HIGH"
  },
  "details": "In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-p95j-356c-hgx2",
  "modified": "2024-04-04T07:36:32Z",
  "published": "2023-09-11T21:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35667"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/d8355ac47e068ad20c6a7b1602e72f0585ec0085"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2023-09-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.