CWE-280
AllowedImproper Handling of Insufficient Permissions or Privileges
Abstraction: Base · Status: Draft
The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.
256 vulnerabilities reference this CWE, most recent first.
GHSA-66X4-8GF5-HMJ9
Vulnerability from github – Published: 2024-06-25 15:31 – Updated: 2024-06-25 15:31Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.
{
"affected": [],
"aliases": [
"CVE-2024-6302"
],
"database_specific": {
"cwe_ids": [
"CWE-280"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-25T13:15:51Z",
"severity": "HIGH"
},
"details": "Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.",
"id": "GHSA-66x4-8gf5-hmj9",
"modified": "2024-06-25T15:31:08Z",
"published": "2024-06-25T15:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6302"
},
{
"type": "WEB",
"url": "https://conduit.rs/changelog/#v0-7-0-2024-04-25"
},
{
"type": "WEB",
"url": "https://gitlab.com/famedly/conduit/-/releases/v0.7.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-67RV-MG8Q-5PF3
Vulnerability from github – Published: 2026-05-08 20:23 – Updated: 2026-06-08 19:56Impact
A CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once copied, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page.
Patches
Patched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature release also incorporates this fix.
Workarounds
No workaround is available.
Acknowledgements
Wagtail thanks independent security researcher Sanjok Karki @thesanjok for reporting this issue.
For more information
If there are any questions or comments about this advisory:
- Visit Wagtail's support channels
- Send an email to security@wagtail.org (view the security policy for more information).
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "wagtail"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "wagtail"
},
"ranges": [
{
"events": [
{
"introduced": "7.1"
},
{
"fixed": "7.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44200"
],
"database_specific": {
"cwe_ids": [
"CWE-280"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-08T20:23:11Z",
"nvd_published_at": "2026-05-11T16:17:35Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nA CMS user with limited access to pages could copy a page they don\u0027t have access to to an area of the site they do. Once copied, they\u0027d be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page.\n\n### Patches\n\nPatched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature release also incorporates this fix.\n\n### Workarounds\n\nNo workaround is available.\n\n\n### Acknowledgements\n\nWagtail thanks independent security researcher Sanjok Karki @thesanjok for reporting this issue.\n\n### For more information\nIf there are any questions or comments about this advisory:\n\n* Visit Wagtail\u0027s [support channels](https://docs.wagtail.org/en/stable/support.html)\n* Send an email to [security@wagtail.org](mailto:security@wagtail.org) (view the [security policy](https://github.com/wagtail/wagtail/security/policy) for more information).",
"id": "GHSA-67rv-mg8q-5pf3",
"modified": "2026-06-08T19:56:00Z",
"published": "2026-05-08T20:23:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44200"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-149.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/wagtail/wagtail"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Wagtail has improper permission handling when copying pages"
}
GHSA-6F27-3P6C-P5JC
Vulnerability from github – Published: 2023-03-21 22:30 – Updated: 2023-03-22 21:49Impact
cilium-cli, when used to configure cluster mesh functionality, can remove the enforcement of user permissions on the etcd store used to mirror local cluster information to remote clusters.
Due to an incorrect mount point specification, the settings specified by the initContainer that configures etcd users and their permissions are overwritten when using cilium-cli to configure a cluster mesh. An attacker who has already gained access to a valid key and certificate for an etcd cluster compromised in this manner could then modify state in that etcd cluster.
Patches
This issue is patched in cilium-cli 0.13.2
All previous versions of cilium-cli are affected. Users who have set up cluster meshes using the Cilium Helm chart are not affected.
Workarounds
Use Cilium's Helm charts to create your cluster instead.
Acknowledgements
The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to Marco Iorio for investigating and fixing the issue.
For more information
If you have any questions or comments about this advisory, please reach out on Slack.
As usual, if you think you found a related vulnerability, we strongly encourage you to report security vulnerabilities to our private security mailing list: security@cilium.io - first, before disclosing them in any public forums. This is a private mailing list where only members of the Cilium internal security team are subscribed to, and is treated as top priority.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cilium/cilium-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.13.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-28114"
],
"database_specific": {
"cwe_ids": [
"CWE-280"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-21T22:30:43Z",
"nvd_published_at": "2023-03-22T19:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\n`cilium-cli`, when used to configure cluster mesh functionality, can remove the enforcement of user permissions on the `etcd` store used to mirror local cluster information to remote clusters. \n\nDue to an incorrect mount point specification, the settings specified by the `initContainer` that configures `etcd` users and their permissions are overwritten when using `cilium-cli` to configure a cluster mesh. An attacker who has already gained access to a valid key and certificate for an `etcd` cluster compromised in this manner could then modify state in that `etcd` cluster.\n\n### Patches\n\nThis issue is patched in `cilium-cli` 0.13.2\n\nAll previous versions of `cilium-cli` are affected. Users who have set up cluster meshes using the Cilium Helm chart are not affected.\n\n### Workarounds\n\nUse Cilium\u0027s [Helm charts](https://artifacthub.io/packages/helm/cilium/cilium) to create your cluster instead.\n\n### Acknowledgements\n\nThe Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to Marco Iorio for investigating and fixing the issue.\n\n### For more information\nIf you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack).\n\nAs usual, if you think you found a related vulnerability, we strongly encourage you to report security vulnerabilities to our private security mailing list: [security@cilium.io](mailto:security@cilium.io) - first, before disclosing them in any public forums. This is a private mailing list where only members of the Cilium internal security team are subscribed to, and is treated as top priority.",
"id": "GHSA-6f27-3p6c-p5jc",
"modified": "2023-03-22T21:49:33Z",
"published": "2023-03-21T22:30:43Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cilium/cilium-cli/security/advisories/GHSA-6f27-3p6c-p5jc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28114"
},
{
"type": "WEB",
"url": "https://github.com/cilium/cilium-cli/commit/fb1427025764e1eebc4a7710d902c4f22cae2610"
},
{
"type": "WEB",
"url": "https://artifacthub.io/packages/helm/cilium/cilium"
},
{
"type": "PACKAGE",
"url": "https://github.com/cilium/cilium-cli"
},
{
"type": "WEB",
"url": "https://github.com/cilium/cilium-cli/releases/tag/v0.13.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "`cilium-cli` disables etcd authorization for clustermesh clusters"
}
GHSA-6WHJ-8G9G-5JVX
Vulnerability from github – Published: 2022-12-30 18:30 – Updated: 2023-01-10 16:15Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/usememos/memos"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-4863"
],
"database_specific": {
"cwe_ids": [
"CWE-280"
],
"github_reviewed": true,
"github_reviewed_at": "2023-01-04T15:18:43Z",
"nvd_published_at": "2022-12-30T16:15:00Z",
"severity": "MODERATE"
},
"details": "Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.",
"id": "GHSA-6whj-8g9g-5jvx",
"modified": "2023-01-10T16:15:33Z",
"published": "2022-12-30T18:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4863"
},
{
"type": "WEB",
"url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53"
},
{
"type": "PACKAGE",
"url": "https://github.com/usememos/memos"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/42751929-e511-49a9-888d-d5b610da2a45"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges"
}
GHSA-75GF-XHHP-53RR
Vulnerability from github – Published: 2024-05-16 12:30 – Updated: 2024-05-16 12:30In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token
{
"affected": [],
"aliases": [
"CVE-2024-35301"
],
"database_specific": {
"cwe_ids": [
"CWE-280"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-16T11:15:47Z",
"severity": "MODERATE"
},
"details": "In JetBrains TeamCity before 2024.03.1 commit status publisher didn\u0027t check project scope of the GitHub App token",
"id": "GHSA-75gf-xhhp-53rr",
"modified": "2024-05-16T12:30:22Z",
"published": "2024-05-16T12:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35301"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7X54-8VHV-9FRJ
Vulnerability from github – Published: 2024-03-20 15:32 – Updated: 2024-08-03 21:30An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges.
{
"affected": [],
"aliases": [
"CVE-2024-22078"
],
"database_specific": {
"cwe_ids": [
"CWE-280"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-20T05:15:45Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges.",
"id": "GHSA-7x54-8vhv-9frj",
"modified": "2024-08-03T21:30:33Z",
"published": "2024-03-20T15:32:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22078"
},
{
"type": "WEB",
"url": "https://www.elspec-ltd.com/support/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7X6F-HX8G-5Q5J
Vulnerability from github – Published: 2025-07-02 12:32 – Updated: 2025-07-02 12:32Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections.
Details: Account members of the Network Administrator profile can access the target machine via SFTP with the same credentials used for SSH CLI access and are able to read all files according to the OS permission instead of remaining inside the chrooted directory position.
{
"affected": [],
"aliases": [
"CVE-2025-27024"
],
"database_specific": {
"cwe_ids": [
"CWE-280"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-02T10:15:22Z",
"severity": "MODERATE"
},
"details": "Unrestricted access to OS file system in SFTP service in Infinera G42 \nversion R6.1.3 allows remote authenticated users to read/write OS files \nvia SFTP connections.\n\n\nDetails: Account members of the Network Administrator profile can access the \ntarget machine via SFTP with the same credentials used for SSH CLI \naccess and are able to read all files according to the OS permission instead of remaining inside the chrooted directory position.",
"id": "GHSA-7x6f-hx8g-5q5j",
"modified": "2025-07-02T12:32:12Z",
"published": "2025-07-02T12:32:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27024"
},
{
"type": "WEB",
"url": "https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27024"
},
{
"type": "WEB",
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27024"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-85MC-VHW9-M985
Vulnerability from github – Published: 2022-11-10 12:01 – Updated: 2022-11-10 19:01Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information.
{
"affected": [],
"aliases": [
"CVE-2022-39885"
],
"database_specific": {
"cwe_ids": [
"CWE-280",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-09T22:15:00Z",
"severity": "LOW"
},
"details": "Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information.",
"id": "GHSA-85mc-vhw9-m985",
"modified": "2022-11-10T19:01:09Z",
"published": "2022-11-10T12:01:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39885"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-88RV-3GW6-829J
Vulnerability from github – Published: 2025-04-04 18:30 – Updated: 2025-04-07 15:31Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.
Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.
{
"affected": [],
"aliases": [
"CVE-2025-0468"
],
"database_specific": {
"cwe_ids": [
"CWE-280"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-04T16:15:17Z",
"severity": "HIGH"
},
"details": "Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.\n\nUnder certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.",
"id": "GHSA-88rv-3gw6-829j",
"modified": "2025-04-07T15:31:01Z",
"published": "2025-04-04T18:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0468"
},
{
"type": "WEB",
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8J3X-W35R-RW4R
Vulnerability from github – Published: 2024-01-25 21:32 – Updated: 2024-11-25 14:33A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.quarkus.resteasy.reactive:resteasy-reactive"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.13.9.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.quarkus.resteasy.reactive:resteasy-reactive"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0.Final"
},
{
"fixed": "3.2.9.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-6267"
],
"database_specific": {
"cwe_ids": [
"CWE-280",
"CWE-502",
"CWE-755"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-31T22:38:58Z",
"nvd_published_at": "2024-01-25T19:15:08Z",
"severity": "HIGH"
},
"details": "A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.",
"id": "GHSA-8j3x-w35r-rw4r",
"modified": "2024-11-25T14:33:44Z",
"published": "2024-01-25T21:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6267"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0494"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0495"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-6267"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251155"
},
{
"type": "PACKAGE",
"url": "https://github.com/quarkusio/quarkus"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability"
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation
Always check to see if you have successfully accessed a resource or system functionality, and use proper error handling if it is unsuccessful. Do this even when you are operating in a highly privileged mode, because errors or environmental conditions might still cause a failure. For example, environments with highly granular permissions/privilege models, such as Windows or Linux capabilities, can cause unexpected failures.
No CAPEC attack patterns related to this CWE.