Common Weakness Enumeration

CWE-280

Allowed

Improper Handling of Insufficient Permissions or Privileges

Abstraction: Base · Status: Draft

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

256 vulnerabilities reference this CWE, most recent first.

GHSA-29J3-7MHP-WMWM

Vulnerability from github – Published: 2024-08-02 18:31 – Updated: 2024-08-02 18:31
VLAI
Details

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7314"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280",
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-02T17:16:41Z",
    "severity": "CRITICAL"
  },
  "details": "anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append \";swagger-ui\" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server.",
  "id": "GHSA-29j3-7mhp-wmwm",
  "modified": "2024-08-02T18:31:10Z",
  "published": "2024-08-02T18:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7314"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/anji-plus/report/pulls/166/files"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vulhub/vulhub/tree/master/aj-report/CNVD-2024-15077"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yuebusao/AJ-REPORT-EXPLOIT"
    },
    {
      "type": "WEB",
      "url": "https://vulncheck.com/advisories/aj-report-swagger"
    },
    {
      "type": "WEB",
      "url": "https://xz.aliyun.com/t/14460"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CQV-65V5-FPV5

Vulnerability from github – Published: 2024-10-02 21:30 – Updated: 2024-11-14 00:31
VLAI
Details

An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-24116"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-02T19:15:15Z",
    "severity": "CRITICAL"
  },
  "details": "An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.",
  "id": "GHSA-2cqv-65v5-fpv5",
  "modified": "2024-11-14T00:31:10Z",
  "published": "2024-10-02T21:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24116"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/zty-1995/7a5e3ad0eb3b6c44db1a6eb4092893d3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zty-1995/RG-NBS2009G-P-switch/tree/main/Unauthorized%20Access%20Vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2HF3-JPHF-R8CC

Vulnerability from github – Published: 2025-11-18 18:32 – Updated: 2025-11-24 15:30
VLAI
Details

Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58122"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-18T16:15:44Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.",
  "id": "GHSA-2hf3-jphf-r8cc",
  "modified": "2025-11-24T15:30:27Z",
  "published": "2025-11-18T18:32:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58122"
    },
    {
      "type": "WEB",
      "url": "https://checkmk.com/werk/18982"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2HMJ-97JW-28JH

Vulnerability from github – Published: 2025-09-24 12:30 – Updated: 2025-11-05 20:46
VLAI
Summary
Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands
Details

Improper permission checks in the AdminServer allow an authenticated client with insufficient privileges to invoke the snapshot and restore commands. The intended requirement is authentication and authorization on the root path (/) with ALL permission for these operations; however, affected versions permit invocation without that level of authorization. The primary risk is disclosure of cluster state via snapshots to a lesser-privileged client.

  • Affected: org.apache.zookeeper:zookeeper 3.9.0 through 3.9.3.
  • Fixed: 3.9.4 (ZOOKEEPER-4964 “check permissions individually during admin server auth”).
  • Mitigations:
    • Disable both commands (admin.snapshot.enabled, admin.restore.enabled).
    • Disable AdminServer (admin.enableServer).
    • Ensure the root ACL is not open; note that ZooKeeper ACLs are not recursive.
    • Upgrade to 3.9.4.
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.zookeeper:zookeeper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.9.0"
            },
            {
              "fixed": "3.9.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-58457"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-24T19:00:08Z",
    "nvd_published_at": "2025-09-24T10:15:28Z",
    "severity": "MODERATE"
  },
  "details": "Improper permission checks in the AdminServer allow an authenticated client with insufficient privileges to invoke the `snapshot` and `restore` commands. The intended requirement is authentication and authorization on the root path (`/`) with **ALL** permission for these operations; however, affected versions permit invocation without that level of authorization. The primary risk is disclosure of cluster state via snapshots to a lesser-privileged client.\n\n*   **Affected:** `org.apache.zookeeper:zookeeper` 3.9.0 through 3.9.3.\n*   **Fixed:** 3.9.4 (ZOOKEEPER-4964 \u201ccheck permissions individually during admin server auth\u201d).\n*   **Mitigations:**\n    *   Disable both commands (`admin.snapshot.enabled`, `admin.restore.enabled`).\n    *   Disable AdminServer (`admin.enableServer`).\n    *   Ensure the root ACL is not open; note that ZooKeeper ACLs are not recursive.\n    *   Upgrade to 3.9.4.",
  "id": "GHSA-2hmj-97jw-28jh",
  "modified": "2025-11-05T20:46:28Z",
  "published": "2025-09-24T12:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58457"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/zookeeper"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/r5yol0kkhx2fzw22pxk1ozwm3oc6yxrx"
    },
    {
      "type": "WEB",
      "url": "https://zookeeper.apache.org/doc/current/zookeeperSnapshotAndRestore.html"
    },
    {
      "type": "WEB",
      "url": "https://zookeeper.apache.org/doc/r3.9.4/releasenotes.html"
    },
    {
      "type": "WEB",
      "url": "https://zookeeper.apache.org/security.html#CVE-2025-58457"
    },
    {
      "type": "WEB",
      "url": "http://github.com/apache/zookeeper/commit/71e173fcbcc9deb784081cf867bd045df3c32635"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/09/24/10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands"
}

GHSA-2M53-6P59-JFH3

Vulnerability from github – Published: 2024-11-30 03:32 – Updated: 2024-12-02 00:34
VLAI
Details

Software installed and run as a non-privileged user may conduct improper GPU system calls to allow unprivileged access to arbitrary physical memory page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43702"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-30T03:15:13Z",
    "severity": "HIGH"
  },
  "details": "Software installed and run as a non-privileged user may conduct improper GPU system calls to allow unprivileged access to arbitrary physical memory page.",
  "id": "GHSA-2m53-6p59-jfh3",
  "modified": "2024-12-02T00:34:01Z",
  "published": "2024-11-30T03:32:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43702"
    },
    {
      "type": "WEB",
      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2QWV-XP73-79CX

Vulnerability from github – Published: 2023-04-01 06:31 – Updated: 2023-04-10 18:30
VLAI
Details

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0181"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276",
      "CWE-280"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-01T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.",
  "id": "GHSA-2qwv-xp73-79cx",
  "modified": "2023-04-10T18:30:22Z",
  "published": "2023-04-01T06:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0181"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202310-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-33J3-G875-37RP

Vulnerability from github – Published: 2026-05-28 06:31 – Updated: 2026-07-01 21:22
VLAI
Summary
Keycloak Vulnerable to Improper Handling of Insufficient Permissions or Privilege
Details

A flaw was found in Keycloak's Client Policies, specifically within the org.keycloak.protocol.oidc component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the reject-ropc-grant executor is silently bypassed. This allows an unauthenticated remote attacker to obtain tokens via a Resource Owner Password Credentials (ROPC) grant, even when a policy is explicitly configured to block it. This bypass can lead to unauthorized access and information disclosure.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "26.5.0"
            },
            {
              "fixed": "26.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "26.4.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-9792"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-01T21:22:38Z",
    "nvd_published_at": "2026-05-28T05:16:40Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in Keycloak\u0027s Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the `reject-ropc-grant` executor is silently bypassed. This allows an unauthenticated remote attacker to obtain tokens via a Resource Owner Password Credentials (ROPC) grant, even when a policy is explicitly configured to block it. This bypass can lead to unauthorized access and information disclosure.",
  "id": "GHSA-33j3-g875-37rp",
  "modified": "2026-07-01T21:22:38Z",
  "published": "2026-05-28T06:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9792"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/issues/49436"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/pull/49636"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/pull/49637"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/commit/13622ee0ffed91fd07ef444be2c858a7f356766d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/commit/2af73c16a4e49333779bb34bce65461d9af036a4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/commit/af5e3e8c60842bc1f3a78e6be414fe303f93163d"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:25097"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:25098"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30049"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:30050"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-9792"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482459"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keycloak Vulnerable to Improper Handling of Insufficient Permissions or Privilege"
}

GHSA-3VGQ-3XJ4-J9VH

Vulnerability from github – Published: 2025-08-04 15:31 – Updated: 2025-08-05 15:30
VLAI
Details

Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8109"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-04T14:15:33Z",
    "severity": "HIGH"
  },
  "details": "Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory.",
  "id": "GHSA-3vgq-3xj4-j9vh",
  "modified": "2025-08-05T15:30:39Z",
  "published": "2025-08-04T15:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8109"
    },
    {
      "type": "WEB",
      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3WGF-CCPX-RV72

Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30
VLAI
Details

Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-27910"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-14T18:16:57Z",
    "severity": "HIGH"
  },
  "details": "Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-3wgf-ccpx-rv72",
  "modified": "2026-04-14T18:30:38Z",
  "published": "2026-04-14T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27910"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27910"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3X7P-3VVQ-9QR7

Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31
VLAI
Details

Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49731"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T17:16:01Z",
    "severity": "LOW"
  },
  "details": "Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.",
  "id": "GHSA-3x7p-3vvq-9qr7",
  "modified": "2025-07-08T18:31:51Z",
  "published": "2025-07-08T18:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49731"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49731"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation
Implementation

Always check to see if you have successfully accessed a resource or system functionality, and use proper error handling if it is unsuccessful. Do this even when you are operating in a highly privileged mode, because errors or environmental conditions might still cause a failure. For example, environments with highly granular permissions/privilege models, such as Windows or Linux capabilities, can cause unexpected failures.

No CAPEC attack patterns related to this CWE.