CWE-271
Allowed-with-ReviewPrivilege Dropping / Lowering Errors
Abstraction: Class · Status: Incomplete
The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.
22 vulnerabilities reference this CWE, most recent first.
GHSA-JQ7J-25X9-P735
Vulnerability from github – Published: 2022-10-18 12:00 – Updated: 2022-10-20 19:00Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.
{
"affected": [],
"aliases": [
"CVE-2022-3569"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-271"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-17T23:15:00Z",
"severity": "HIGH"
},
"details": "Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the \u0027zimbra\u0027 user can effectively coerce postfix into running arbitrary commands as \u0027root\u0027.",
"id": "GHSA-jq7j-25x9-p735",
"modified": "2022-10-20T19:00:35Z",
"published": "2022-10-18T12:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3569"
},
{
"type": "WEB",
"url": "https://github.com/rapid7/metasploit-framework/pull/17141"
},
{
"type": "WEB",
"url": "https://twitter.com/ldsopreload/status/1580539318879547392"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VF6J-6739-78M8
Vulnerability from github – Published: 2026-03-03 14:48 – Updated: 2026-03-03 14:48A bug has been identified in which permission changes in Azure AD are not reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or are removed from a group, thus retaining their access to Rancher instead of losing it.
Impact
This issue only affects Rancher instances with Azure AD integration enabled, regardless of the automatically refreshing settings which are enabled by default. The users that obtained a token (or kubeconfig) to access Rancher through the following sessions are affected by this issue:
1) Users using the Rancher UI.
2) Users using kubectl based on a kubeconfig downloaded through the Rancher UI.
3) Tokens created via the Rancher UI Create API Key feature.
Note that the permission caching is persisted even when the Rancher Manager pod is restarted. The only way for a user to get the new permissions is to logout and login again.
Patches
Patched versions include releases 2.6.13, 2.7.4 and later versions.
For more information
If you have any questions or comments about this advisory:
- Reach out to the SUSE Rancher Security team for security related inquiries.
- Open an issue in the Rancher repository.
- Verify with our support matrix and product support lifecycle.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.7"
},
{
"fixed": "2.6.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-22648"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-271",
"CWE-384"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-03T14:48:41Z",
"nvd_published_at": "2023-06-01T13:15:10Z",
"severity": "HIGH"
},
"details": "A bug has been identified in which permission changes in Azure AD are not reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or are removed from a group, thus retaining their access to Rancher instead of losing it.\n\n### Impact\nThis issue only affects Rancher instances with Azure AD integration enabled, regardless of the [automatically refreshing settings](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups#automatically-refreshing-user-information) which are enabled by default. The users that obtained a token (or kubeconfig) to access Rancher through the following sessions are affected by this issue:\n1) Users using the Rancher UI.\n2) Users using `kubectl` based on a `kubeconfig` downloaded through the Rancher UI.\n3) Tokens created via the Rancher UI Create API Key feature.\n\nNote that the permission caching is persisted even when the Rancher Manager pod is restarted. The only way for a user to get the new permissions is to logout and login again.\n\n### Patches\nPatched versions include releases `2.6.13`, `2.7.4` and later versions.\n\n### For more information\nIf you have any questions or comments about this advisory:\n\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n- Verify with our [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).",
"id": "GHSA-vf6j-6739-78m8",
"modified": "2026-03-03T14:48:42Z",
"published": "2026-03-03T14:48:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-vf6j-6739-78m8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22648"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22648"
},
{
"type": "PACKAGE",
"url": "https://github.com/rancher/rancher"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Rancher\u0027s Azure AD permission changes are not reflected on active sessions"
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
No CAPEC attack patterns related to this CWE.