Common Weakness Enumeration

CWE-270

Allowed

Privilege Context Switching Error

Abstraction: Base · Status: Draft

The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

45 vulnerabilities reference this CWE, most recent first.

GHSA-7P75-9H8V-VXQ4

Vulnerability from github – Published: 2024-12-12 12:31 – Updated: 2024-12-12 12:31
VLAI
Details

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's CI_JOB_TOKEN to obtain a GitLab session token belonging to the victim.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12570"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-270"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-12T12:15:22Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim\u0027s `CI_JOB_TOKEN` to obtain a GitLab session token belonging to the victim.",
  "id": "GHSA-7p75-9h8v-vxq4",
  "modified": "2024-12-12T12:31:15Z",
  "published": "2024-12-12T12:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12570"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/2724948"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/494694"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9M68-HRX9-5WFC

Vulnerability from github – Published: 2024-11-12 21:30 – Updated: 2024-11-12 21:30
VLAI
Details

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36513"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-270"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-12T19:15:10Z",
    "severity": "HIGH"
  },
  "details": "A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.",
  "id": "GHSA-9m68-hrx9-5wfc",
  "modified": "2024-11-12T21:30:52Z",
  "published": "2024-11-12T21:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36513"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-144"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FF6V-W58F-V97W

Vulnerability from github – Published: 2025-06-13 20:41 – Updated: 2025-06-13 20:41
VLAI
Summary
XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right
Details

Impact

When a user without script right creates a document with an XWiki.Notifications.Code.NotificationEmailRendererClass object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can be executed, though, as while these templates allow Velocity code, the existing generic analyzer already warns admins before editing Velocity code. The main impact would thus be to send spam, e.g., with phishing links to other users or to hide notifications about other attacks. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9, before that version, this was a known issue and the advice was simply to be careful.

Patches

This has been patched in XWiki 16.10.2, 16.4.7 and 15.10.16 by adding an analysis for the respective XClass properties.

Workarounds

We're not aware of any real workarounds apart from just being careful with editing documents previously edited by untrusted users as a user with script, admin or programming right.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-notifications-notifiers-default"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "15.10.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-notifications-notifiers-default"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "16.0.0-rc-1"
            },
            {
              "fixed": "16.4.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-notifications-notifiers-default"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "16.5.0-rc-1"
            },
            {
              "fixed": "16.10.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-49583"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-270",
      "CWE-357"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-13T20:41:12Z",
    "nvd_published_at": "2025-06-13T17:15:23Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nWhen a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRendererClass` object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can be executed, though, as while these templates allow Velocity code, the existing generic analyzer already warns admins before editing Velocity code. The main impact would thus be to send spam, e.g., with phishing links to other users or to hide notifications about other attacks. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9, before that version, this was a known issue and the advice was simply to be careful.\n\n### Patches\nThis has been patched in XWiki 16.10.2, 16.4.7 and 15.10.16 by adding an analysis for the respective XClass properties.\n\n### Workarounds\nWe\u0027re not aware of any real workarounds apart from just being careful with editing documents previously edited by untrusted users as a user with script, admin or programming right.",
  "id": "GHSA-ff6v-w58f-v97w",
  "modified": "2025-06-13T20:41:12Z",
  "published": "2025-06-13T20:41:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ff6v-w58f-v97w"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49583"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/3d96bf3ceb167bf0213d63f0be1f7e1732eb0a92"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-22471"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right"
}

GHSA-FH9M-7JQ4-376W

Vulnerability from github – Published: 2025-09-11 18:35 – Updated: 2025-09-11 18:35
VLAI
Details

Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting in impersonation until the session is ended. This flaw cannot be intentionally exploited due to the required concurring action by two users. However, if the event occurs a user would be inadvertently exposed to another user’s system rights and data access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-26499"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-270"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-11T17:15:34Z",
    "severity": "MODERATE"
  },
  "details": "Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting in impersonation until the session is ended. This flaw cannot be intentionally exploited due to the required concurring action by two users. However, if the event occurs a user would be inadvertently exposed to another user\u2019s system rights and data access.",
  "id": "GHSA-fh9m-7jq4-376w",
  "modified": "2025-09-11T18:35:50Z",
  "published": "2025-09-11T18:35:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26499"
    },
    {
      "type": "WEB",
      "url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2025-26499"
    },
    {
      "type": "WEB",
      "url": "https://www.windriver.com/security/vulnerability-responses/CVE-2025-26499"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G9FW-9X87-RMRJ

Vulnerability from github – Published: 2021-03-18 19:27 – Updated: 2022-06-06 17:56
VLAI
Summary
Privilege Context Switching Error in Elasticsearch
Details

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.elasticsearch:elasticsearch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.8.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.elasticsearch:elasticsearch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.9.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-7020"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-270"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-16T16:31:38Z",
    "nvd_published_at": "2020-10-22T17:15:00Z",
    "severity": "LOW"
  },
  "details": "Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.",
  "id": "GHSA-g9fw-9x87-rmrj",
  "modified": "2022-06-06T17:56:25Z",
  "published": "2021-03-18T19:27:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7020"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/elastic/elasticsearch"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20201123-0001"
    },
    {
      "type": "WEB",
      "url": "https://staging-website.elastic.co/community/security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Privilege Context Switching Error in Elasticsearch"
}

GHSA-GMM9-3V86-M9WJ

Vulnerability from github – Published: 2026-04-13 06:30 – Updated: 2026-04-13 06:30
VLAI
Details

Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-34853"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-270"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-13T04:16:12Z",
    "severity": "HIGH"
  },
  "details": "Permission bypass vulnerability in the LBS module.\nImpact: Successful exploitation of this vulnerability may affect availability.",
  "id": "GHSA-gmm9-3v86-m9wj",
  "modified": "2026-04-13T06:30:29Z",
  "published": "2026-04-13T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34853"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2026/4"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletinvision/2026/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H6F5-8JJ5-CXHR

Vulnerability from github – Published: 2023-03-02 15:16 – Updated: 2023-03-13 19:17
VLAI
Summary
xwiki-platform vulnerable to Remote Code Execution in Annotations
Details

Impact

The annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document.

To reproduce: add an annotation with the content {{groovy}}print "hello"{{/groovy}} and click the yellow scare to get a display of the annotation inline.

The result is "hello" but it should be an error suggesting that it's not allowed to use the groovy macro.

Patches

This has been patched in XWiki 13.10.11, 14.4.7 and 14.10.

Workarounds

There is no easy workaround except to upgrade.

References

https://jira.xwiki.org/browse/XWIKI-20360

https://jira.xwiki.org/browse/XWIKI-20384

For more information

If you have any questions or comments about this advisory: * Open an issue in Jira XWiki.org * Email us at Security Mailing List

Attribution

This vulnerability has been reported by René de Sain @renniepak.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-annotation-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3-milestone-1"
            },
            {
              "fixed": "13.10.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-annotation-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.0-rc-1"
            },
            {
              "fixed": "14.4.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-annotation-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.5"
            },
            {
              "fixed": "14.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-26475"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-270"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-02T15:16:43Z",
    "nvd_published_at": "2023-03-02T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nThe annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document.\n\nTo reproduce: add an annotation with the content `{{groovy}}print \"hello\"{{/groovy}}` and click the yellow scare to get a display of the annotation inline.\n\nThe result is \"hello\" but it should be an error suggesting that it\u0027s not allowed to use the groovy macro.\n\n### Patches\nThis has been patched in XWiki 13.10.11, 14.4.7 and 14.10.\n\n### Workarounds\nThere is no easy workaround except to upgrade.\n\n### References\nhttps://jira.xwiki.org/browse/XWIKI-20360\n\nhttps://jira.xwiki.org/browse/XWIKI-20384\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)\n\n### Attribution\n\nThis vulnerability has been reported by Ren\u00e9 de Sain @renniepak.",
  "id": "GHSA-h6f5-8jj5-cxhr",
  "modified": "2023-03-13T19:17:37Z",
  "published": "2023-03-02T15:16:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h6f5-8jj5-cxhr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26475"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/d87d7bfd8db18c20d3264f98c6deefeae93b99f7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-20360"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-20384"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "xwiki-platform vulnerable to Remote Code Execution in Annotations"
}

GHSA-JCHM-FM4Q-C2FP

Vulnerability from github – Published: 2023-05-08 12:30 – Updated: 2025-02-13 18:54
VLAI
Summary
Apache Airflow vulnerable to Privilege Context Switching Error
Details

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.0b1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-25754"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-270"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-11T20:32:46Z",
    "nvd_published_at": "2023-05-08T12:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0.",
  "id": "GHSA-jchm-fm4q-c2fp",
  "modified": "2025-02-13T18:54:28Z",
  "published": "2023-05-08T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25754"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/29506"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/commit/18347d36e67894604436f3ef47d273532683b473"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/airflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/releases/tag/2.6.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-59.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2023/05/08/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/05/08/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Airflow vulnerable to Privilege Context Switching Error"
}

GHSA-JFQV-RW2M-VHF4

Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30
VLAI
Details

Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-60721"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-270"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-11T18:15:40Z",
    "severity": "HIGH"
  },
  "details": "Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-jfqv-rw2m-vhf4",
  "modified": "2025-11-11T18:30:21Z",
  "published": "2025-11-11T18:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60721"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60721"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P9CF-QJXQ-VXW6

Vulnerability from github – Published: 2021-06-08 18:52 – Updated: 2021-06-17 20:04
VLAI
Summary
Privilege Context Switching Error in wildlfy
Details

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 19.1.0.Final"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.wildfly.bom:wildfly"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "20.0.0.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-1719"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-270"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-08T17:28:03Z",
    "nvd_published_at": "2021-06-07T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected.",
  "id": "GHSA-p9cf-qjxq-vxw6",
  "modified": "2021-06-17T20:04:36Z",
  "published": "2021-06-08T18:52:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Privilege Context Switching Error in wildlfy"
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-30: Hijacking a Privileged Thread of Execution

An adversary hijacks a privileged thread of execution by injecting malicious code into a running process. By using a privleged thread to do their bidding, adversaries can evade process-based detection that would stop an attack that creates a new process. This can lead to an adversary gaining access to the process's memory and can also enable elevated privileges. The most common way to perform this attack is by suspending an existing thread and manipulating its memory.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.