Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5455 vulnerabilities reference this CWE, most recent first.

GHSA-VCPF-HJM3-54FR

Vulnerability from github – Published: 2026-03-25 03:31 – Updated: 2026-03-26 15:30
VLAI
Details

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20607"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T01:17:03Z",
    "severity": "MODERATE"
  },
  "details": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data.",
  "id": "GHSA-vcpf-hjm3-54fr",
  "modified": "2026-03-26T15:30:31Z",
  "published": "2026-03-25T03:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20607"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126794"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126795"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126796"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VCQH-2Q2G-PGC3

Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2025-05-22 21:30
VLAI
Details

The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30121"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-23T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "The \u201cLANDesk(R) Management Agent\u201d service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.",
  "id": "GHSA-vcqh-2q2g-pgc3",
  "modified": "2025-05-22T21:30:35Z",
  "published": "2022-09-25T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30121"
    },
    {
      "type": "WEB",
      "url": "https://forums.ivanti.com/s/article/Security-Advisory-for-Ivanti-Endpoint-Manager-Client-CVE-2022-30121?language=en_US"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VCR7-Q7V7-V84F

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47
VLAI
Details

RPC Endpoint Mapper Service Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-13T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "RPC Endpoint Mapper Service Elevation of Privilege Vulnerability",
  "id": "GHSA-vcr7-q7v7-v84f",
  "modified": "2022-05-24T17:47:16Z",
  "published": "2022-05-24T17:47:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27091"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27091"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VF6J-6739-78M8

Vulnerability from github – Published: 2026-03-03 14:48 – Updated: 2026-03-03 14:48
VLAI
Summary
Rancher's Azure AD permission changes are not reflected on active sessions
Details

A bug has been identified in which permission changes in Azure AD are not reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or are removed from a group, thus retaining their access to Rancher instead of losing it.

Impact

This issue only affects Rancher instances with Azure AD integration enabled, regardless of the automatically refreshing settings which are enabled by default. The users that obtained a token (or kubeconfig) to access Rancher through the following sessions are affected by this issue: 1) Users using the Rancher UI. 2) Users using kubectl based on a kubeconfig downloaded through the Rancher UI. 3) Tokens created via the Rancher UI Create API Key feature.

Note that the permission caching is persisted even when the Rancher Manager pod is restarted. The only way for a user to get the new permissions is to logout and login again.

Patches

Patched versions include releases 2.6.13, 2.7.4 and later versions.

For more information

If you have any questions or comments about this advisory:

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.7"
            },
            {
              "fixed": "2.6.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rancher/rancher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-22648"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-271",
      "CWE-384"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T14:48:41Z",
    "nvd_published_at": "2023-06-01T13:15:10Z",
    "severity": "HIGH"
  },
  "details": "A bug has been identified in which permission changes in Azure AD are not reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or are removed from a group, thus retaining their access to Rancher instead of losing it.\n\n### Impact\nThis issue only affects Rancher instances with Azure AD integration enabled, regardless of the [automatically refreshing settings](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups#automatically-refreshing-user-information) which are enabled by default. The users that obtained a token (or kubeconfig) to access Rancher through the following sessions are affected by this issue:\n1) Users using the Rancher UI.\n2) Users using `kubectl` based on a `kubeconfig` downloaded through the Rancher UI.\n3) Tokens created via the Rancher UI Create API Key feature.\n\nNote that the permission caching is persisted even when the Rancher Manager pod is restarted. The only way for a user to get the new permissions is to logout and login again.\n\n### Patches\nPatched versions include releases `2.6.13`, `2.7.4` and later versions.\n\n### For more information\nIf you have any questions or comments about this advisory:\n\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n- Verify with our [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).",
  "id": "GHSA-vf6j-6739-78m8",
  "modified": "2026-03-03T14:48:42Z",
  "published": "2026-03-03T14:48:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/security/advisories/GHSA-vf6j-6739-78m8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22648"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22648"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rancher/rancher"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Rancher\u0027s Azure AD permission changes are not reflected on active sessions"
}

GHSA-VF7W-48CM-H8XX

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18
VLAI
Details

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1149"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-21T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka \u0027Windows Runtime Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164.",
  "id": "GHSA-vf7w-48cm-h8xx",
  "modified": "2022-05-24T17:18:31Z",
  "published": "2022-05-24T17:18:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1149"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1149"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VF84-MXRQ-CRQC

Vulnerability from github – Published: 2025-08-08 14:32 – Updated: 2025-08-11 13:56
VLAI
Summary
OpenBao Root Namespace Operator May Elevate Token Privileges
Details

Impact

Accounts with access to the highly-privileged identity entity system in the root namespace may increase their scope directly to the root policy. While the identity system always allowed adding arbitrary policies, which in turn could contain capability grants on arbitrary paths, the root policy is restricted to manual generation using unseal or recovery key shares. The global root policy is not accessible from child namespaces.

Patches

OpenBao v2.3.2 will patch this issue.

Workarounds

Use of denied_parameters in any policy which has access to the affected identity endpoints (on identity entities) may be sufficient to prohibit this type of attack.

References

This issue was disclosed to HashiCorp and is the OpenBao equivalent of the following tickets:

  • https://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-namespace-operator-may-elevate-token-privileges/76032
  • https://nvd.nist.gov/vuln/detail/cve-2025-5999
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/openbao/openbao"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.1.0"
            },
            {
              "fixed": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/openbao/openbao"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20250806193240-9b0b5d4f345f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-54996"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-08T14:32:42Z",
    "nvd_published_at": "2025-08-09T02:15:37Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nAccounts with access to the highly-privileged identity entity system in the root namespace may increase their scope directly to the `root` policy. While the identity system always allowed adding arbitrary policies, which in turn could contain capability grants on arbitrary paths, the `root` policy is restricted to manual generation using unseal or recovery key shares. The global `root` policy is not accessible from child namespaces.\n\n### Patches\n\nOpenBao v2.3.2 will patch this issue.\n\n### Workarounds\n\nUse of `denied_parameters` in any policy which has access to the affected identity endpoints (on [identity entities](https://openbao.org/api-docs/secret/identity/entity/)) may be sufficient to prohibit this type of attack. \n\n### References\n\nThis issue was disclosed to HashiCorp and is the OpenBao equivalent of the following tickets:\n\n- https://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-namespace-operator-may-elevate-token-privileges/76032\n- https://nvd.nist.gov/vuln/detail/cve-2025-5999",
  "id": "GHSA-vf84-mxrq-crqc",
  "modified": "2025-08-11T13:56:25Z",
  "published": "2025-08-08T14:32:42Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openbao/openbao/security/advisories/GHSA-vf84-mxrq-crqc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54996"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbao/openbao/pull/1627"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbao/openbao/commit/9b0b5d4f345fdfb1065956f042b12cbd86cd6e0f"
    },
    {
      "type": "WEB",
      "url": "https://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-namespace-operator-may-elevate-token-privileges/76032"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openbao/openbao"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbao/openbao/releases/tag/v2.3.2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5999"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenBao Root Namespace Operator May Elevate Token Privileges"
}

GHSA-VF8H-2WWJ-JQ22

Vulnerability from github – Published: 2023-02-15 12:30 – Updated: 2023-06-27 21:05
VLAI
Summary
Privilege escalation in Apache ShenYu
Details

Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.shenyu:shenyu-admin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-42735"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-15T18:16:56Z",
    "nvd_published_at": "2023-02-15T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958.",
  "id": "GHSA-vf8h-2wwj-jq22",
  "modified": "2023-06-27T21:05:30Z",
  "published": "2023-02-15T12:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42735"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/shenyu/pull/3958"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/shenyu"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/2k8764jmckmc19qc8x51nlnngq71pcf7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Privilege escalation in Apache ShenYu"
}

GHSA-VFGQ-G5X8-G595

Vulnerability from github – Published: 2023-03-23 19:58 – Updated: 2023-03-23 22:09
VLAI
Summary
Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process
Details

A vulnerability identified in the implementation of Tailscale SSH in FreeBSD allowed commands to be run with a higher privilege group ID than that specified by Tailscale SSH access rules.

Affected platforms: FreeBSD

Patched Tailscale client versions: v1.38.2 or later

What happened?

A difference in the behavior of the FreeBSD setgroups system call from POSIX meant that the Tailscale client running on a FreeBSD-based operating system did not appropriately restrict groups on the host when using Tailscale SSH. When accessing a FreeBSD host over Tailscale SSH, the egid of the tailscaled process was used instead of that of the user specified in Tailscale SSH access rules.

Who is affected?

9 tailnets with 22 FreeBSD nodes running Tailscale SSH since Tailscale v1.34 (released on 2022-12-04) may have had Tailscale SSH sessions with a higher privilege group ID than that specified in Tailscale SSH access rules.

We have notified the affected organizations where we have security contacts.

What is the impact?

Tailscale SSH commands may have been run with a higher privilege group ID than that specified in Tailscale SSH access rules if they met all of the following criteria: * The destination node was a FreeBSD device with Tailscale SSH enabled; * Tailscale SSH access rules permitted access for non-root users; and * A non-interactive SSH session was used.

What do I need to do?

If you are running Tailscale on FreeBSD, upgrade to v1.38.2 or later to remediate the issue. Admins of a tailnet can view FreeBSD nodes with unpatched versions in the admin console.

To update the local ports tree in advance of what's available upstream, you can:

  1. cd /usr/ports/security/tailscale
  2. edit the Makefile to set PORTVERSION to 1.38.2
  3. make makesum
  4. make install

Tailscale SSH on other platforms is not affected.

Credits

We would like to thank Ryan Belgrave for reporting this issue.

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "tailscale.com"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.34.0"
            },
            {
              "fixed": "1.38.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-28436"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-23T19:58:23Z",
    "nvd_published_at": "2023-03-23T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability identified in the implementation of Tailscale SSH in FreeBSD allowed commands to be run with a higher privilege group ID than that specified by Tailscale SSH access rules.\n\n**Affected platforms**: FreeBSD\n\n**Patched Tailscale client versions**: v1.38.2 or later\n\n### What happened?\nA difference in the behavior of the FreeBSD `setgroups` system call from POSIX meant that the Tailscale client running on a FreeBSD-based operating system did not appropriately restrict groups on the host when using Tailscale SSH. When accessing a FreeBSD host over Tailscale SSH, the egid of the tailscaled process was used instead of that of the user specified in Tailscale SSH access rules.\n\n### Who is affected?\n9 tailnets with 22 FreeBSD nodes running Tailscale SSH since Tailscale v1.34 (released on 2022-12-04) may have had Tailscale SSH sessions with a higher privilege group ID than that specified in Tailscale SSH access rules.\n\nWe have notified the affected organizations where we have [security contacts](https://tailscale.com/kb/1224/contact-preferences/#setting-the-security-issues-email).\n\n### What is the impact?\nTailscale SSH commands may have been run with a higher privilege group ID than that specified in Tailscale SSH access rules if they met all of the following criteria:\n* The destination node was a FreeBSD device with Tailscale SSH enabled;\n* Tailscale SSH access rules permitted access for non-root users; and\n* A non-interactive SSH session was used.\n\n### What do I need to do?\nIf you are running Tailscale on FreeBSD, upgrade to v1.38.2 or later to remediate the issue. Admins of a tailnet can view [FreeBSD nodes with unpatched versions](https://login.tailscale.com/admin/machines?q=version%3A%3C1.38.2+freebsd) in the admin console.\n\nTo update the local ports tree in advance of what\u0027s available upstream, you can:\n\n1. `cd /usr/ports/security/tailscale`\n2. edit the Makefile to set `PORTVERSION` to `1.38.2`\n3. `make makesum`\n4. `make install`\n\nTailscale SSH on other platforms is not affected.\n\n### Credits\nWe would like to thank [Ryan Belgrave](https://www.linkedin.com/in/rbelgrave/) for reporting this issue.\n\n### References\n* [TS-2023-003](https://tailscale.com/security-bulletins/#ts-2023-003)\n\n\n",
  "id": "GHSA-vfgq-g5x8-g595",
  "modified": "2023-03-23T22:09:19Z",
  "published": "2023-03-23T19:58:23Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tailscale/tailscale/security/advisories/GHSA-vfgq-g5x8-g595"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28436"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tailscale/tailscale/commit/d00c046b723dff6e3775d7d35f891403ac21a47d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tailscale/tailscale"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tailscale/tailscale/releases/tag/v1.38.2"
    },
    {
      "type": "WEB",
      "url": "https://tailscale.com/security-bulletins/#ts-2023-003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process"
}

GHSA-VFJ7-PJWX-GMGC

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18
VLAI
Details

An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1124"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-21T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka \u0027Windows State Repository Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191.",
  "id": "GHSA-vfj7-pjwx-gmgc",
  "modified": "2022-05-24T17:18:30Z",
  "published": "2022-05-24T17:18:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1124"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1124"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VFJR-R7C6-MQ2H

Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2023-02-02 21:33
VLAI
Details

It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1708"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-07T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb.",
  "id": "GHSA-vfjr-r7c6-mq2h",
  "modified": "2023-02-02T21:33:40Z",
  "published": "2022-05-24T17:08:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1708"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/articles/4859371"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0617"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0681"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0694"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0800"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2020-1708"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793299"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1708"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.