Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5455 vulnerabilities reference this CWE, most recent first.

GHSA-QRF3-CQG5-VV53

Vulnerability from github – Published: 2022-05-01 23:54 – Updated: 2025-04-09 03:56
VLAI
Details

The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-2931"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-07-09T18:41:00Z",
    "severity": "HIGH"
  },
  "details": "The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.",
  "id": "GHSA-qrf3-cqg5-vv53",
  "modified": "2025-04-09T03:56:17Z",
  "published": "2022-05-01T23:54:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2931"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454388"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43696"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10437"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/637-1"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=ee6f958291e2a768fd727e7a67badfff0b67711a"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ee6f958291e2a768fd727e7a67badfff0b67711a"
    },
    {
      "type": "WEB",
      "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30982"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31551"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31614"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32023"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32759"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1630"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/08/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/08/4"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0885.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30126"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QRG7-33RJ-93PF

Vulnerability from github – Published: 2022-09-17 00:00 – Updated: 2026-07-05 00:31
VLAI
Details

An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-36536"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-16T03:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue in the component post_applogin.php of Super Flexible Software GmbH \u0026 Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens.",
  "id": "GHSA-qrg7-33rj-93pf",
  "modified": "2026-07-05T00:31:37Z",
  "published": "2022-09-17T00:00:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36536"
    },
    {
      "type": "WEB",
      "url": "https://www.mgm-sp.com/en/multiple-vulnerabilities-in-syncovery-for-linux"
    },
    {
      "type": "WEB",
      "url": "http://super.com"
    },
    {
      "type": "WEB",
      "url": "http://syncovery.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QRM4-M4FG-RJCV

Vulnerability from github – Published: 2024-05-17 09:31 – Updated: 2024-05-17 09:31
VLAI
Details

Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation.This issue affects Simple Registration for WooCommerce: from n/a through 1.5.6.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-32511"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-17T09:15:36Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation.This issue affects Simple Registration for WooCommerce: from n/a through 1.5.6.",
  "id": "GHSA-qrm4-m4fg-rjcv",
  "modified": "2024-05-17T09:31:02Z",
  "published": "2024-05-17T09:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32511"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/woocommerce-simple-registration/wordpress-simple-registration-for-woocommerce-plugin-1-5-6-unauthenticated-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QRM9-F75W-HG4C

Vulnerability from github – Published: 2025-02-11 18:12 – Updated: 2025-02-11 21:40
VLAI
Summary
Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`
Details

Impact

Applications which have been bootstrapped by the new igniter installer (since AshAuthentication v4.1.0) and who have used the magic link strategy, password resets, confirmation, or are manually revoking tokens are affected by revoked tokens being allowed to verify as valid. If you did not use the new installer, then you are absolutely not affected.

Additionally, unless you have implemented any kind of custom token revocation feature in your application (in which case even cursory testing would have uncovered this issue), then you will not be significantly affected.

The impact here for users is as follows:

  • For users using the magic link strategy, magic link tokens are reusable until they expire instead of being immediately revoked. By default magic link tokens are valid for 10 minutes.
  • For users of password resets in the password strategy, password reset tokens are reusable until they expire instead of being immediately revoked. By default password reset tokens are valid for 3 days.
  • For users of the confirmation add-on, confirmation tokens are reusable until they expire instead of being immediately revoked. By default password reset tokens are valid for 3 days.

Patches

The flaw is patched in version 4.4.9. Additionally a compile time warning is shown to users with remediation instructions if they upgrade. 4.4.9 ships with an upgrader, so if you use mix igniter.upgrade ash_authentication the necessary patch will be applied for you. Otherwise you can run the upgrader manually as described in the error message

Example

[warning] Warning while compiling Tunez.Accounts.Token:

The `:jti` and `:token` options to the `:revoked?` action must allow nil values and it must return a `:boolean`.

This was an error in our igniter installer previous to version 4.4.9, which allowed revoked tokens to be reused.

To fix this, run the following command in your shell:

    mix ash_authentication.upgrade 4.4.8 4.4.9

Or:

  - remove `allow_nil?: false` from these action arguments, and
  - ensure that the action returns `:boolean`.

  like so:

    action :revoked?, :boolean do
      description "Returns true if a revocation token is found for the provided token"
      argument :token, :string, sensitive?: true
      argument :jti, :string, sensitive?: true

      run AshAuthentication.TokenResource.IsRevoked
    end

Workarounds

Delete the generated :revoked? generic action in your token resource This will cause it to use the one internal to AshAuthentication which has always been correct. Alternatively, manually make the changes described above.

References

See the #ash_authentication channel on the Ash Discord.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Hex",
        "name": "ash_authentication"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.0"
            },
            {
              "fixed": "4.4.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-25202"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-11T18:12:33Z",
    "nvd_published_at": "2025-02-11T19:15:18Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nApplications which have been bootstrapped by the new igniter installer (since AshAuthentication v4.1.0) and who have used the magic link strategy, password resets, confirmation, or are manually revoking tokens are affected by revoked tokens being allowed to verify as valid. If you did not use the new installer, then you are absolutely not affected.\n\nAdditionally, unless you have implemented any kind of custom token revocation feature in your application (in which case even cursory testing would have uncovered this issue), then you will not be significantly affected. \n\nThe impact here for users is as follows:\n\n  - For users using the magic link strategy, magic link tokens are reusable until they expire instead of being immediately revoked. By default magic link tokens are valid for 10 minutes.\n  - For users of password resets in the password strategy, password reset tokens are reusable until they expire instead of being immediately revoked. By default password reset tokens are valid for 3 days.\n  - For users of the confirmation add-on, confirmation tokens are reusable until they expire instead of being immediately revoked. By default password reset tokens are valid for 3 days.\n\n### Patches\n\nThe flaw is patched in version 4.4.9. Additionally a compile time warning is shown to users with remediation instructions if they upgrade. 4.4.9 ships with an upgrader, so if you use `mix igniter.upgrade ash_authentication` the necessary patch will be applied for you. Otherwise you can run the upgrader manually as described in the error message\n\n#### Example\n```elixir\n[warning] Warning while compiling Tunez.Accounts.Token:\n\nThe `:jti` and `:token` options to the `:revoked?` action must allow nil values and it must return a `:boolean`.\n\nThis was an error in our igniter installer previous to version 4.4.9, which allowed revoked tokens to be reused.\n\nTo fix this, run the following command in your shell:\n\n    mix ash_authentication.upgrade 4.4.8 4.4.9\n\nOr:\n\n  - remove `allow_nil?: false` from these action arguments, and\n  - ensure that the action returns `:boolean`.\n\n  like so:\n\n    action :revoked?, :boolean do\n      description \"Returns true if a revocation token is found for the provided token\"\n      argument :token, :string, sensitive?: true\n      argument :jti, :string, sensitive?: true\n\n      run AshAuthentication.TokenResource.IsRevoked\n    end\n```\n\n### Workarounds\n\nDelete the generated `:revoked?` generic action in your token resource This will cause it to use the one internal to AshAuthentication which has always been correct. Alternatively,  manually make the changes described above.\n\n### References\n\nSee the `#ash_authentication` channel on the Ash Discord.",
  "id": "GHSA-qrm9-f75w-hg4c",
  "modified": "2025-02-11T21:40:09Z",
  "published": "2025-02-11T18:12:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/team-alembic/ash_authentication/security/advisories/GHSA-qrm9-f75w-hg4c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25202"
    },
    {
      "type": "WEB",
      "url": "https://github.com/team-alembic/ash_authentication/commit/2dee55252df26fe3d990ff1199397cdcf1bfea8a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/team-alembic/ash_authentication"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`"
}

GHSA-QRP3-JCRP-2P22

Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2022-05-24 17:19
VLAI
Details

An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1272, CVE-2020-1302, CVE-2020-1312.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1277"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-09T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka \u0027Windows Installer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1272, CVE-2020-1302, CVE-2020-1312.",
  "id": "GHSA-qrp3-jcrp-2p22",
  "modified": "2022-05-24T17:19:55Z",
  "published": "2022-05-24T17:19:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1277"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1277"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QV2P-9JP2-M5R3

Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2024-10-08 18:33
VLAI
Details

Windows Kernel Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1682"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-12T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Windows Kernel Elevation of Privilege Vulnerability",
  "id": "GHSA-qv2p-9jp2-m5r3",
  "modified": "2024-10-08T18:33:00Z",
  "published": "2022-05-24T17:38:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1682"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1682"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1682"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-088"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QV32-FG95-8497

Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31
VLAI
Details

FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-24848"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-23T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.",
  "id": "GHSA-qv32-fg95-8497",
  "modified": "2022-05-24T17:31:58Z",
  "published": "2022-05-24T17:31:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24848"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xtr4nge/FruityWifi/issues/278"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/harsh-bothra/5be73cfd53f1c5bea307c702ae83ff42"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QV3C-3MGW-HQQJ

Vulnerability from github – Published: 2022-12-12 09:30 – Updated: 2022-12-14 21:30
VLAI
Details

Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3641"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-12T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.",
  "id": "GHSA-qv3c-3mgw-hqqj",
  "modified": "2022-12-14T21:30:17Z",
  "published": "2022-12-12T09:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3641"
    },
    {
      "type": "WEB",
      "url": "https://devolutions.net/security/advisories/DEVO-2022-0010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QV6F-R8HC-X3JR

Vulnerability from github – Published: 2022-06-11 00:00 – Updated: 2022-06-18 00:00
VLAI
Details

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30610"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-10T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363.",
  "id": "GHSA-qv6f-r8hc-x3jr",
  "modified": "2022-06-18T00:00:24Z",
  "published": "2022-06-11T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30610"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/227363"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6593721"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QV95-G3GM-X542

Vulnerability from github – Published: 2021-10-12 16:39 – Updated: 2022-08-10 23:49
VLAI
Summary
Hashicorp Vault Privilege Escalation Vulnerability
Details

HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/vault"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/vault"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.8.0"
            },
            {
              "fixed": "1.8.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-41802"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-732"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-10-11T18:57:45Z",
    "nvd_published_at": "2021-10-08T17:15:00Z",
    "severity": "LOW"
  },
  "details": "HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user\u2019s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.",
  "id": "GHSA-qv95-g3gm-x542",
  "modified": "2022-08-10T23:49:29Z",
  "published": "2021-10-12T16:39:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41802"
    },
    {
      "type": "WEB",
      "url": "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hashicorp/vault"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202207-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Hashicorp Vault Privilege Escalation Vulnerability"
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.