Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5451 vulnerabilities reference this CWE, most recent first.

GHSA-Q54W-3C98-XJCG

Vulnerability from github – Published: 2023-04-27 21:30 – Updated: 2024-04-04 03:42
VLAI
Details

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28261"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-27T19:15:20Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
  "id": "GHSA-q54w-3c98-xjcg",
  "modified": "2024-04-04T03:42:54Z",
  "published": "2023-04-27T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28261"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28261"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202309-17"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q56M-MX82-79XW

Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2022-05-24 17:28
VLAI
Details

In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-14100"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-11T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Xiaomi router R3600 ROM version\u003c1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability.",
  "id": "GHSA-q56m-mx82-79xw",
  "modified": "2022-05-24T17:28:02Z",
  "published": "2022-05-24T17:28:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14100"
    },
    {
      "type": "WEB",
      "url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=20\u0026locale=en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q56X-P6GM-CHWQ

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18
VLAI
Details

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1135"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-21T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka \u0027Windows Graphics Component Elevation of Privilege Vulnerability\u0027.",
  "id": "GHSA-q56x-p6gm-chwq",
  "modified": "2022-05-24T17:18:30Z",
  "published": "2022-05-24T17:18:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1135"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1135"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q586-Q77X-838F

Vulnerability from github – Published: 2024-09-23 21:30 – Updated: 2024-09-30 18:31
VLAI
Details

An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8263"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-23T21:15:12Z",
    "severity": "MODERATE"
  },
  "details": "An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1.\u00a0This vulnerability was reported via the GitHub Bug Bounty program.",
  "id": "GHSA-q586-q77x-838f",
  "modified": "2024-09-30T18:31:36Z",
  "published": "2024-09-23T21:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8263"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.17"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.15"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.9"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.4"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q58Q-5FJ7-R8PX

Vulnerability from github – Published: 2023-07-24 09:30 – Updated: 2024-04-04 06:19
VLAI
Details

An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-24T09:15:10Z",
    "severity": "MODERATE"
  },
  "details": "An improper privilege check in the OTRS ticket move action in the agent interface allows   any as agent authenticated attacker to  to perform a move of an ticket without the needed permission.\nThis issue affects OTRS: from 8.0.X before 8.0.35.\n\n",
  "id": "GHSA-q58q-5fj7-r8px",
  "modified": "2024-04-04T06:19:37Z",
  "published": "2023-07-24T09:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38058"
    },
    {
      "type": "WEB",
      "url": "https://otrs.com/release-notes/otrs-security-advisory-2023-07"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q58R-654C-JM37

Vulnerability from github – Published: 2023-06-06 12:30 – Updated: 2024-04-04 04:35
VLAI
Details

The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2833"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-06T10:15:09Z",
    "severity": "HIGH"
  },
  "details": "The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the \u0027rx_set_screen_options\u0027 function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the \u0027wp_screen_options[option]\u0027 and \u0027wp_screen_options[value]\u0027 parameters during a screen option update.",
  "id": "GHSA-q58r-654c-jm37",
  "modified": "2024-04-04T04:35:02Z",
  "published": "2023-06-06T12:30:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2833"
    },
    {
      "type": "WEB",
      "url": "https://lana.codes/lanavdb/a889c3ff-5df0-4d7e-951f-0b0406468efa"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/reviewx/tags/1.6.13/includes/rx-functions.php#L972"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2916148%40reviewx\u0026old=2912114%40reviewx\u0026sfp_email=\u0026sfph_mail=#file472"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/blog/2023/05/wpdeveloper-addresses-privilege-escalation-vulnerability-in-reviewx-wordpress-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/70e1d701-2cff-4793-9e4c-5b16a4038e8d?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5C8-GR3M-67M2

Vulnerability from github – Published: 2022-04-30 18:18 – Updated: 2022-04-30 18:18
VLAI
Details

Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2002-0049"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2002-03-08T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Exchange Server 2000 System Attendant gives \"Everyone\" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.",
  "id": "GHSA-q5c8-gr3m-67m2",
  "modified": "2022-04-30T18:18:26Z",
  "published": "2022-04-30T18:18:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0049"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-003"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8092"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1022"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/2042"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/4053"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q5G9-QJ36-XXM3

Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2023-02-03 18:30
VLAI
Details

An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-38774"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-26T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.",
  "id": "GHSA-q5g9-qj36-xxm3",
  "modified": "2023-02-03T18:30:24Z",
  "published": "2023-01-26T21:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38774"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/endpoint-security-8-4-0-7-17-7-and-endgame-3-62-3-security-statement/323754"
    },
    {
      "type": "WEB",
      "url": "https://www.elastic.co/community/security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5MW-M62P-XJVX

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-07-13 00:00
VLAI
Details

In onReceive of ImsPhoneCallTracker.java, there is a possible misattribution of data usage due to an incorrect broadcast handler. This could lead to local escalation of privilege resulting in attributing video call data to the wrong app, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162741489

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0388"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-10T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "In onReceive of ImsPhoneCallTracker.java, there is a possible misattribution of data usage due to an incorrect broadcast handler. This could lead to local escalation of privilege resulting in attributing video call data to the wrong app, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162741489",
  "id": "GHSA-q5mw-m62p-xjvx",
  "modified": "2022-07-13T00:00:58Z",
  "published": "2022-05-24T17:44:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0388"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2021-03-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5P5-XG93-2JQC

Vulnerability from github – Published: 2023-07-06 21:14 – Updated: 2023-07-06 23:31
VLAI
Summary
Apache InLong Improper Privilege Management vulnerability
Details

Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.  When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie.

Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.inlong:manager-pojo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.2.0"
            },
            {
              "fixed": "1.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.inlong:manager-dao"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.2.0"
            },
            {
              "fixed": "1.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.inlong:manager-service"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.2.0"
            },
            {
              "fixed": "1.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.inlong:manager-web"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.2.0"
            },
            {
              "fixed": "1.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-31062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-06T23:31:27Z",
    "nvd_published_at": "2023-05-22T16:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.\u00a0 When\u00a0the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie.\n\nUsers are advised to upgrade to Apache InLong\u0027s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it.\n\n\n\n\n",
  "id": "GHSA-q5p5-xg93-2jqc",
  "modified": "2023-07-06T23:31:27Z",
  "published": "2023-07-06T21:14:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31062"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/inlong/pull/7836"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/inlong"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/btorjbo9o71h22tcvxzy076022hjdzq0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache InLong Improper Privilege Management vulnerability"
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.