Common Weakness Enumeration

CWE-273

Allowed

Improper Check for Dropped Privileges

Abstraction: Base · Status: Incomplete

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

54 vulnerabilities reference this CWE, most recent first.

GHSA-4HWJ-MWVM-VC26

Vulnerability from github – Published: 2023-10-04 06:30 – Updated: 2023-11-24 09:30
VLAI
Details

Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability.

This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5369"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-04T04:15:14Z",
    "severity": "HIGH"
  },
  "details": "Before correction, the\u00a0copy_file_range\u00a0system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively.  Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability.\n\nThis incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.",
  "id": "GHSA-4hwj-mwvm-vc26",
  "modified": "2023-11-24T09:30:27Z",
  "published": "2023-10-04T06:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5369"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231124-0009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5XVC-RWV8-86P7

Vulnerability from github – Published: 2024-03-26 21:30 – Updated: 2025-11-15 02:52
VLAI
Summary
Ignite Realtime Openfire privilege escalation vulnerability
Details

An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.igniterealtime.openfire:xmppserver"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-25420"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-27T21:59:21Z",
    "nvd_published_at": "2024-03-26T21:15:52Z",
    "severity": "HIGH"
  },
  "details": "An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.",
  "id": "GHSA-5xvc-rwv8-86p7",
  "modified": "2025-11-15T02:52:34Z",
  "published": "2024-03-26T21:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25420"
    },
    {
      "type": "WEB",
      "url": "https://github.com/igniterealtime/Openfire/pull/2411"
    },
    {
      "type": "WEB",
      "url": "https://github.com/igniterealtime/Openfire/commit/5c022bfa82d71d1710381ab395b100cdbcb8f310"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/igniterealtime/Openfire"
    },
    {
      "type": "WEB",
      "url": "https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/admin/AdminManager.java"
    },
    {
      "type": "WEB",
      "url": "https://github.com/igniterealtime/Openfire/releases/tag/v4.8.1"
    },
    {
      "type": "WEB",
      "url": "https://igniterealtime.atlassian.net/browse/OF-2758"
    },
    {
      "type": "WEB",
      "url": "https://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421"
    },
    {
      "type": "WEB",
      "url": "https://www.igniterealtime.org/projects/openfire"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Ignite Realtime Openfire privilege escalation vulnerability"
}

GHSA-65C8-R727-2MPJ

Vulnerability from github – Published: 2026-07-15 12:32 – Updated: 2026-07-15 12:32
VLAI
Details

PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blocked_commands, blocked_paths, blocked_imports, allow_subprocess, and allow_file_write restrictions are completely ignored. Attackers can execute arbitrary subprocess commands, read sensitive files, and perform destructive operations despite explicit security policy configuration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-60085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-15T12:18:17Z",
    "severity": "HIGH"
  },
  "details": "PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blocked_commands, blocked_paths, blocked_imports, allow_subprocess, and allow_file_write restrictions are completely ignored. Attackers can execute arbitrary subprocess commands, read sensitive files, and perform destructive operations despite explicit security policy configuration.",
  "id": "GHSA-65c8-r727-2mpj",
  "modified": "2026-07-15T12:32:03Z",
  "published": "2026-07-15T12:32:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-5r6c-gj4g-r697"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-60085"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/praisonai-before-unenforced-security-policy-in-subprocess-sandbox"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-66VJ-HXH5-X3JH

Vulnerability from github – Published: 2024-09-17 18:33 – Updated: 2025-10-22 00:33
VLAI
Details

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38813"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-250",
      "CWE-273"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-17T18:15:04Z",
    "severity": "HIGH"
  },
  "details": "The vCenter Server contains a privilege escalation vulnerability.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.",
  "id": "GHSA-66vj-hxh5-x3jh",
  "modified": "2025-10-22T00:33:06Z",
  "published": "2024-09-17T18:33:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38813"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38813"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6MM6-PP6H-9P36

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
VLAI
Details

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16466"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-30T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.",
  "id": "GHSA-6mm6-pp6h-9p36",
  "modified": "2022-05-13T01:34:06Z",
  "published": "2022-05-13T01:34:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16466"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/388515"
    },
    {
      "type": "WEB",
      "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-748R-5R8Q-273M

Vulnerability from github – Published: 2022-07-07 00:00 – Updated: 2023-09-05 20:16
VLAI
Summary
Apache Superset allows authenticated users to access metadata they have no permission to
Details

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-superset"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-37839"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-15T21:31:23Z",
    "nvd_published_at": "2022-07-06T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.",
  "id": "GHSA-748r-5r8q-273m",
  "modified": "2023-09-05T20:16:04Z",
  "published": "2022-07-07T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37839"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/superset/commit/2bd89d1705347da5446902a3f65eb8d0a6353503"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/superset"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Superset allows authenticated users to access metadata they have no permission to"
}

GHSA-78XR-CMR3-FXQ9

Vulnerability from github – Published: 2025-01-17 21:31 – Updated: 2025-03-04 15:31
VLAI
Details

Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21399"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273",
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-17T20:15:46Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability",
  "id": "GHSA-78xr-cmr3-fxq9",
  "modified": "2025-03-04T15:31:46Z",
  "published": "2025-01-17T21:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21399"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21399"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/elevation-of-privilege-vulnerability-in-microsoft-edge-chromium-based-detection-script"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/elevation-of-privilege-vulnerability-in-microsoft-edge-chromium-based-mitigation-script"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7FPJ-9HR8-28VH

Vulnerability from github – Published: 2024-04-17 18:25 – Updated: 2024-11-18 17:28
VLAI
Summary
Keycloak vulnerable to impersonation via logout token exchange
Details

Keycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "22.0.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "23.0.0"
            },
            {
              "fixed": "24.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-0657"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273",
      "CWE-284",
      "CWE-287",
      "CWE-290",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-17T18:25:59Z",
    "nvd_published_at": "2024-11-17T11:15:05Z",
    "severity": "LOW"
  },
  "details": "Keycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.\n\n",
  "id": "GHSA-7fpj-9hr8-28vh",
  "modified": "2024-11-18T17:28:39Z",
  "published": "2024-04-17T18:25:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0657"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1867"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1868"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0657"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166728"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keycloak vulnerable to impersonation via logout token exchange"
}

GHSA-86FH-J58M-7PF5

Vulnerability from github – Published: 2021-11-23 17:57 – Updated: 2024-01-31 15:13
VLAI
Summary
Improper Privilege Management in Apache Ozone
Details

In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.ozone:ozone-main"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-36372"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-22T19:04:02Z",
    "nvd_published_at": "2021-11-19T10:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.",
  "id": "GHSA-86fh-j58m-7pf5",
  "modified": "2024-01-31T15:13:11Z",
  "published": "2021-11-23T17:57:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36372"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/ozone"
    },
    {
      "type": "WEB",
      "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/11/19/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Privilege Management in Apache Ozone"
}

GHSA-8G83-V3R7-R8GX

Vulnerability from github – Published: 2025-02-04 00:32 – Updated: 2025-02-04 00:32
VLAI
Details

A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1003"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-04T00:15:33Z",
    "severity": "HIGH"
  },
  "details": "A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability.",
  "id": "GHSA-8g83-v3r7-r8gx",
  "modified": "2025-02-04T00:32:03Z",
  "published": "2025-02-04T00:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1003"
    },
    {
      "type": "WEB",
      "url": "https://support.hp.com/us-en/document/ish_11920613-11920636-16"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-53
Implementation

Check the results of all functions that return a value and verify that the value is expected.

Mitigation
Implementation

In Windows, make sure that the process token has the SeImpersonatePrivilege(Microsoft Server 2003). Code that relies on impersonation for security must ensure that the impersonation succeeded, i.e., that a proper privilege demotion happened.

No CAPEC attack patterns related to this CWE.