Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5455 vulnerabilities reference this CWE, most recent first.

GHSA-RVP9-28C4-MWJ2

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2023-08-02 00:30
VLAI
Details

Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-41345.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40489"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-13T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-41345.",
  "id": "GHSA-rvp9-28c4-mwj2",
  "modified": "2023-08-02T00:30:37Z",
  "published": "2022-05-24T19:17:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40489"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40489"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1156"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RVR3-6WW6-H9M5

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06
VLAI
Details

Splinterware System Scheduler Professional version 5.30 is subject to insecure folders permissions issue impacting where the service 'WindowsScheduler' calls its executable. This allow a non-privileged user to execute arbitrary code with elevated privileges (system level privileges as "nt authority\system") since the service runs as Local System.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31771"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-06T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Splinterware System Scheduler Professional version 5.30 is subject to insecure folders permissions issue impacting where the service \u0027WindowsScheduler\u0027 calls its executable. This allow a non-privileged user to execute arbitrary code with elevated privileges (system level privileges as \"nt authority\\system\") since the service runs as Local System.",
  "id": "GHSA-rvr3-6ww6-h9m5",
  "modified": "2022-05-24T19:06:56Z",
  "published": "2022-05-24T19:06:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31771"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/162540/Splinterware-System-Scheduler-Professional-5.30-Privilege-Escalation.html"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/49858"
    },
    {
      "type": "WEB",
      "url": "http://splinterware.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-RVXR-PF5F-J2QJ

Vulnerability from github – Published: 2022-12-21 12:30 – Updated: 2025-05-07 17:39
VLAI
Summary
OpenStack Kolla sudo privilege escalation vulnerability
Details

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "kolla"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "15.0.0.0rc1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-38060"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-426"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-07T17:39:19Z",
    "nvd_published_at": "2022-12-21T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.",
  "id": "GHSA-rvxr-pf5f-j2qj",
  "modified": "2025-05-07T17:39:19Z",
  "published": "2022-12-21T12:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38060"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/kolla/commit/2a4a8fce31c12114e8f472c24dd96864b5bd2bd2"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/kolla/+bug/1985784"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124758"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/kolla"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1589"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenStack Kolla sudo privilege escalation vulnerability"
}

GHSA-RW23-MPWM-7VMH

Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2022-05-24 16:56
VLAI
Details

An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1267"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-11T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka \u0027Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability\u0027.",
  "id": "GHSA-rw23-mpwm-7vmh",
  "modified": "2022-05-24T16:56:01Z",
  "published": "2022-05-24T16:56:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1267"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1267"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-RW5W-RWV8-V6HF

Vulnerability from github – Published: 2022-08-17 00:00 – Updated: 2022-08-18 00:00
VLAI
Details

A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the ability to escalate their own privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-10728"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-16T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the ability to escalate their own privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
  "id": "GHSA-rw5w-rwv8-v6hf",
  "modified": "2022-08-18T00:00:17Z",
  "published": "2022-08-17T00:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10728"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829674"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RW7C-R2HJ-99VQ

Vulnerability from github – Published: 2022-04-06 00:01 – Updated: 2022-04-15 00:01
VLAI
Details

An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-45891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-05T02:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side.",
  "id": "GHSA-rw7c-r2hj-99vq",
  "modified": "2022-04-15T00:01:18Z",
  "published": "2022-04-06T00:01:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45891"
    },
    {
      "type": "WEB",
      "url": "https://syss.de"
    },
    {
      "type": "WEB",
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-063.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RW7V-M69X-MFM5

Vulnerability from github – Published: 2022-08-25 00:00 – Updated: 2022-08-28 00:00
VLAI
Details

An unprivileged app can trigger PowerVR driver to return an uninitialized heap memory causing information disclosure.Product: AndroidVersions: Android SoCAndroid ID: A-236849490

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-24T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "An unprivileged app can trigger PowerVR driver to return an uninitialized heap memory causing information disclosure.Product: AndroidVersions: Android SoCAndroid ID: A-236849490",
  "id": "GHSA-rw7v-m69x-mfm5",
  "modified": "2022-08-28T00:00:26Z",
  "published": "2022-08-25T00:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0891"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2022-08-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RW97-Q7V4-XHHQ

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15
VLAI
Details

An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-26333"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-909"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-21T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.",
  "id": "GHSA-rw97-q7v4-xhhq",
  "modified": "2022-05-24T19:15:23Z",
  "published": "2022-05-24T19:15:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26333"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Sep/24"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RWJF-J42W-JFR4

Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14
VLAI
Details

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12522"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-15T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.",
  "id": "GHSA-rwjf-j42w-jfr4",
  "modified": "2022-05-24T17:14:19Z",
  "published": "2022-05-24T17:14:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12522"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210205-0006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-RWMR-CQ99-WX42

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-07-13 00:01
VLAI
Details

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://.../medias2 does not require authorization.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40379"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-01T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://.../medias2 does not require authorization.",
  "id": "GHSA-rwmr-cq99-wx42",
  "modified": "2022-07-13T00:01:39Z",
  "published": "2022-05-24T19:12:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40379"
    },
    {
      "type": "WEB",
      "url": "https://github.com/icekam/0day/blob/main/Compro-Technology-Camera-has-multiple-vulnerabilities.md"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/164026/Compro-Technology-IP-Camera-RTSP-Stream-Disclosure.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.