Common Weakness Enumeration

CWE-280

Allowed

Improper Handling of Insufficient Permissions or Privileges

Abstraction: Base · Status: Draft

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

256 vulnerabilities reference this CWE, most recent first.

CVE-2025-3931 (GCVE-0-2025-3931)

Vulnerability from cvelistv5 – Published: 2025-05-14 11:54 – Updated: 2025-11-11 09:57
VLAI
Title
Yggdrasil: local privilege escalation in yggdrasil
Summary
A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
Impacted products
Vendor Product Version
Affected: 0 , < 0.4.7 (semver)
Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:0.4.5-3.el10_0 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10.0
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Create a notification for this product.
Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
Create a notification for this product.
Date Public
2025-05-14 00:00
Credits
This issue was discovered by Thibault Guittet (Red Hat).
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3931",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-14T13:26:50.331377Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-14T13:27:01.903Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/RedHatInsights/yggdrasil",
          "defaultStatus": "unaffected",
          "packageName": "yggdrasil",
          "versions": [
            {
              "lessThan": "0.4.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "yggdrasil",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.4.5-3.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhc-worker-playbook",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhc-worker-playbook",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhc-worker-playbook",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "yggdrasil",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Thibault Guittet (Red Hat)."
        }
      ],
      "datePublic": "2025-05-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children\u0027s \"worker\" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. \n\nThis flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T09:57:52.248Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:7592",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7592"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-3931"
        },
        {
          "name": "RHBZ#2362345",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362345"
        },
        {
          "url": "https://github.com/RedHatInsights/yggdrasil/pull/336"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-25T17:06:52.161Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-05-14T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Yggdrasil: local privilege escalation in yggdrasil",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability."
        }
      ],
      "x_redhatCweChain": "CWE-280: Improper Handling of Insufficient Permissions or Privileges"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-3931",
    "datePublished": "2025-05-14T11:54:50.290Z",
    "dateReserved": "2025-04-25T12:24:04.851Z",
    "dateUpdated": "2025-11-11T09:57:52.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-0478 (GCVE-0-2025-0478)

Vulnerability from cvelistv5 – Published: 2025-03-24 11:37 – Updated: 2025-03-24 13:39
VLAI
Title
GPU DDK - PMMETA_PROTECT PMR can be exported as dma-buf file / GEM object
Summary
Software installed and run as a non-privileged user may conduct improper GPU system calls to issue reads and writes to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform, altering their behaviour.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
Impacted products
Vendor Product Version
Imagination Technologies Graphics DDK Affected: 1.15 RTM , ≤ 24.3 RTM2 (custom)
Unaffected: 25.1 RTM (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-0478",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-24T13:38:12.248370Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-24T13:39:13.462Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Linux",
            "Android"
          ],
          "product": "Graphics DDK",
          "vendor": "Imagination Technologies",
          "versions": [
            {
              "lessThanOrEqual": "24.3 RTM2",
              "status": "affected",
              "version": "1.15 RTM",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "25.1 RTM",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSoftware installed and run as a non-privileged user may conduct improper GPU system calls to issue reads and writes to arbitrary physical memory pages.\u003c/p\u003e\u003cp\u003eUnder certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform, altering their behaviour.\u003c/p\u003e"
            }
          ],
          "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to issue reads and writes to arbitrary physical memory pages.\n\nUnder certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform, altering their behaviour."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-679",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-24T11:37:29.200Z",
        "orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
        "shortName": "imaginationtech"
      },
      "references": [
        {
          "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "GPU DDK - PMMETA_PROTECT PMR can be exported as dma-buf file / GEM object",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
    "assignerShortName": "imaginationtech",
    "cveId": "CVE-2025-0478",
    "datePublished": "2025-03-24T11:37:29.200Z",
    "dateReserved": "2025-01-15T10:03:40.851Z",
    "dateUpdated": "2025-03-24T13:39:13.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0468 (GCVE-0-2025-0468)

Vulnerability from cvelistv5 – Published: 2025-04-04 15:39 – Updated: 2025-04-07 14:48
VLAI
Title
GPU DDK - ui64RobustnessAddress can overwrite Freelist / HWRT (and bypass PMMETA)
Summary
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
Impacted products
Vendor Product Version
Imagination Technologies Graphics DDK Affected: 1.15 RTM , ≤ 24.3 RTM (custom)
Unaffected: 25.1 RTM (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-0468",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-07T14:47:23.907010Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-07T14:48:05.895Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Linux",
            "Android"
          ],
          "product": "Graphics DDK",
          "vendor": "Imagination Technologies",
          "versions": [
            {
              "lessThanOrEqual": "24.3 RTM",
              "status": "affected",
              "version": "1.15 RTM",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "25.1 RTM",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSoftware installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.\u003c/p\u003e\u003cp\u003eUnder certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.\u003c/p\u003e"
            }
          ],
          "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.\n\nUnder certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-679",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-04T15:39:37.798Z",
        "orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
        "shortName": "imaginationtech"
      },
      "references": [
        {
          "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "GPU DDK - ui64RobustnessAddress can overwrite Freelist / HWRT (and bypass PMMETA)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
    "assignerShortName": "imaginationtech",
    "cveId": "CVE-2025-0468",
    "datePublished": "2025-04-04T15:39:37.798Z",
    "dateReserved": "2025-01-14T09:32:36.718Z",
    "dateUpdated": "2025-04-07T14:48:05.895Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-55604 (GCVE-0-2024-55604)

Vulnerability from cvelistv5 – Published: 2025-03-25 14:15 – Updated: 2025-03-25 14:44
VLAI
Title
Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources
Summary
Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a list of datasources in a workspace they're a member of. This information disclosure does NOT expose sensitive data in the datasources, such as database passwords and API Keys. The attacker needs to have been invited to a workspace as a "viewer", by someone in that workspace with access to invite. The attacker then needs to be able to signup/login to that Appsmith instance. The issue is patched in version 1.51. No known workarounds are available.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
References
Impacted products
Vendor Product Version
appsmithorg appsmith Affected: < 1.51
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-55604",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-25T14:44:30.776825Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T14:44:39.532Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "appsmith",
          "vendor": "appsmithorg",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.51"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as \"App Viewer\" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a list of datasources in a workspace they\u0027re a member of. This information disclosure does NOT expose sensitive data in the datasources, such as database passwords and API Keys. The attacker needs to have been invited to a workspace as a \"viewer\", by someone in that workspace with access to invite. The attacker then needs to be able to signup/login to that Appsmith instance. The issue is patched in version 1.51. No known workarounds are available."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-25T14:15:05.339Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/appsmithorg/appsmith/security/advisories/GHSA-794x-gm8v-2wj6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/appsmithorg/appsmith/security/advisories/GHSA-794x-gm8v-2wj6"
        }
      ],
      "source": {
        "advisory": "GHSA-794x-gm8v-2wj6",
        "discovery": "UNKNOWN"
      },
      "title": "Appsmith\u0027s Broken Access Control Allows Viewer Role User to Query Datasources"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-55604",
    "datePublished": "2025-03-25T14:15:05.339Z",
    "dateReserved": "2024-12-09T14:22:52.524Z",
    "dateUpdated": "2025-03-25T14:44:39.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-51459 (GCVE-0-2024-51459)

Vulnerability from cvelistv5 – Published: 2025-03-19 18:08 – Updated: 2026-02-26 19:09
VLAI
Title
IBM InfoSphere Server Information command execution
Summary
IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7185056 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM InfoSphere Information Server Affected: 11.7
    cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-51459",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T03:55:57.878799Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:09:21.406Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "InfoSphere Information Server",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "11.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions."
            }
          ],
          "value": "IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-01T01:03:21.027Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7185056"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM InfoSphere Server Information command execution",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-51459",
    "datePublished": "2025-03-19T18:08:06.215Z",
    "dateReserved": "2024-10-28T10:50:10.474Z",
    "dateUpdated": "2026-02-26T19:09:21.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47767 (GCVE-0-2024-47767)

Vulnerability from cvelistv5 – Published: 2024-10-14 17:57 – Updated: 2024-10-15 15:36
VLAI
Title
Tuleap lists trackers in the quick add actions of the backlog without any permissions check
Summary
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not have access to. Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
Impacted products
Vendor Product Version
Enalean tuleap Affected: < 15.13.99.113
Affected: < 15.13-5
Affected: < 15.12-8
Create a notification for this product.
enalean tuleap Affected: 0 , < 15.13.99.113 (custom)
    cpe:2.3:a:enalean:tuleap:*:*:*:*:*:*:*:*
Create a notification for this product.
enalean tuleap_enterprise Affected: 0 , < 15.12-8 (custom)
Affected: 15.13 , < 15.13-5 (custom)
    cpe:2.3:a:enalean:tuleap_enterprise:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:enalean:tuleap:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tuleap",
            "vendor": "enalean",
            "versions": [
              {
                "lessThan": "15.13.99.113",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:enalean:tuleap_enterprise:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tuleap_enterprise",
            "vendor": "enalean",
            "versions": [
              {
                "lessThan": "15.12-8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "15.13-5",
                "status": "affected",
                "version": "15.13",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47767",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T15:31:32.015312Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T15:36:11.946Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tuleap",
          "vendor": "Enalean",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 15.13.99.113"
            },
            {
              "status": "affected",
              "version": "\u003c 15.13-5"
            },
            {
              "status": "affected",
              "version": "\u003c 15.12-8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not have access to. Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T17:57:11.673Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-j342-v27q-329v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-j342-v27q-329v"
        },
        {
          "name": "https://github.com/Enalean/tuleap/commit/16d9efccb2fad8e10343be2604e94c9058ef2c89",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Enalean/tuleap/commit/16d9efccb2fad8e10343be2604e94c9058ef2c89"
        },
        {
          "name": "https://github.com/Enalean/tuleap/commit/e5ce81279766115dc0f126a11d6b5065b5db7eec",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Enalean/tuleap/commit/e5ce81279766115dc0f126a11d6b5065b5db7eec"
        },
        {
          "name": "https://github.com/Enalean/tuleap/commit/f89d7093d2c576ad5e2b35a6a096fcdaf563d1df",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Enalean/tuleap/commit/f89d7093d2c576ad5e2b35a6a096fcdaf563d1df"
        },
        {
          "name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=16d9efccb2fad8e10343be2604e94c9058ef2c89",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=16d9efccb2fad8e10343be2604e94c9058ef2c89"
        },
        {
          "name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=e5ce81279766115dc0f126a11d6b5065b5db7eec",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=e5ce81279766115dc0f126a11d6b5065b5db7eec"
        },
        {
          "name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=f89d7093d2c576ad5e2b35a6a096fcdaf563d1df",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=f89d7093d2c576ad5e2b35a6a096fcdaf563d1df"
        },
        {
          "name": "https://tuleap.net/plugins/tracker/?aid=39728",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tuleap.net/plugins/tracker/?aid=39728"
        }
      ],
      "source": {
        "advisory": "GHSA-j342-v27q-329v",
        "discovery": "UNKNOWN"
      },
      "title": "Tuleap lists trackers in the quick add actions of the backlog without any permissions check"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-47767",
    "datePublished": "2024-10-14T17:57:11.673Z",
    "dateReserved": "2024-09-30T21:28:53.231Z",
    "dateUpdated": "2024-10-15T15:36:11.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47766 (GCVE-0-2024-47766)

Vulnerability from cvelistv5 – Published: 2024-10-14 17:53 – Updated: 2024-10-15 15:37
VLAI
Title
Permissions are incorrectly verified for project administrators in the cross tracker search widget
Summary
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via the cross tracker search widget. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
Impacted products
Vendor Product Version
Enalean tuleap Affected: < 15.13.99.110
Affected: < 15.13-5
Affected: < 15.12-8
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47766",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T15:37:27.168417Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T15:37:35.456Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tuleap",
          "vendor": "Enalean",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 15.13.99.110"
            },
            {
              "status": "affected",
              "version": "\u003c 15.13-5"
            },
            {
              "status": "affected",
              "version": "\u003c 15.12-8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via the cross tracker search widget. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T17:56:18.186Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-qfrh-fv84-93hx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-qfrh-fv84-93hx"
        },
        {
          "name": "https://github.com/Enalean/tuleap/commit/529d11b70796589767dd27a40ebadf3eaf8f5674",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Enalean/tuleap/commit/529d11b70796589767dd27a40ebadf3eaf8f5674"
        },
        {
          "name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=529d11b70796589767dd27a40ebadf3eaf8f5674",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=529d11b70796589767dd27a40ebadf3eaf8f5674"
        },
        {
          "name": "https://tuleap.net/plugins/tracker/?aid=39736",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tuleap.net/plugins/tracker/?aid=39736"
        }
      ],
      "source": {
        "advisory": "GHSA-qfrh-fv84-93hx",
        "discovery": "UNKNOWN"
      },
      "title": "Permissions are incorrectly verified for project administrators in the cross tracker search widget"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-47766",
    "datePublished": "2024-10-14T17:53:55.763Z",
    "dateReserved": "2024-09-30T21:28:53.231Z",
    "dateUpdated": "2024-10-15T15:37:35.456Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-46988 (GCVE-0-2024-46988)

Vulnerability from cvelistv5 – Published: 2024-10-14 17:44 – Updated: 2024-10-15 15:40
VLAI
Title
Tuleap does not properly check permissions for email notifications in trackers
Summary
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to. Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
References
Impacted products
Vendor Product Version
Enalean tuleap Affected: < 15.13.99.40
Affected: < 15.13-3
Affected: < 15.12-6
Create a notification for this product.
enalean tuleap Affected: 0 , < 15.13.99.40 (custom)
    cpe:2.3:a:enalean:tuleap:*:*:*:*:*:*:*:*
Create a notification for this product.
enalean tuleap_enterprise Affected: 0 , < 15.12-6 (custom)
Affected: 15.13 , < 15.13-3 (custom)
    cpe:2.3:a:enalean:tuleap_enterprise:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:enalean:tuleap:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tuleap",
            "vendor": "enalean",
            "versions": [
              {
                "lessThan": "15.13.99.40",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:enalean:tuleap_enterprise:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tuleap_enterprise",
            "vendor": "enalean",
            "versions": [
              {
                "lessThan": "15.12-6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "15.13-3",
                "status": "affected",
                "version": "15.13",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46988",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T15:38:53.520503Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T15:40:00.721Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tuleap",
          "vendor": "Enalean",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 15.13.99.40"
            },
            {
              "status": "affected",
              "version": "\u003c 15.13-3"
            },
            {
              "status": "affected",
              "version": "\u003c 15.12-6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to. Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T17:44:53.489Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-g76g-hc92-96xw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-g76g-hc92-96xw"
        },
        {
          "name": "https://tuleap.net/plugins/tracker/?aid=39686",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tuleap.net/plugins/tracker/?aid=39686"
        }
      ],
      "source": {
        "advisory": "GHSA-g76g-hc92-96xw",
        "discovery": "UNKNOWN"
      },
      "title": "Tuleap does not properly check permissions for email notifications in trackers"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-46988",
    "datePublished": "2024-10-14T17:44:53.489Z",
    "dateReserved": "2024-09-16T16:10:09.019Z",
    "dateUpdated": "2024-10-15T15:40:00.721Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-46874 (GCVE-0-2024-46874)

Vulnerability from cvelistv5 – Published: 2024-12-06 18:18 – Updated: 2024-12-06 20:39
VLAI
Title
Ruijie Reyee OS Improper Handling of Insufficient Permissions or Privileges
Summary
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Ruijie Reyee OS Affected: 2.206.x , < 2.320.x (custom)
Create a notification for this product.
ruijie reyee_os Affected: 2.206.x , < 2.320.x (custom)
    cpe:2.3:o:ruijie:reyee_os:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Tomer Goldschmidt and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:ruijie:reyee_os:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "reyee_os",
            "vendor": "ruijie",
            "versions": [
              {
                "lessThan": "2.320.x",
                "status": "affected",
                "version": "2.206.x",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46874",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-06T19:19:56.871607Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-06T20:39:58.690Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Reyee OS",
          "vendor": "Ruijie",
          "versions": [
            {
              "lessThan": "2.320.x",
              "status": "affected",
              "version": "2.206.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tomer Goldschmidt and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRuijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie\u0027s cloud.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie\u0027s cloud."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-06T18:18:23.553Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRuijie reports that the issues have been fixed on the cloud and no action is needed by end users. However, CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:\u003c/p\u003e\u003cul\u003e\u003cli\u003eMinimize network exposure for all control system devices and/or systems, ensuring they are \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01\"\u003enot accessible from the internet\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eLocate control system networks and remote devices behind firewalls and isolating them from business networks.\u003c/li\u003e\u003cli\u003eWhen remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Ruijie reports that the issues have been fixed on the cloud and no action is needed by end users. However, CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:\n\n  *  Minimize network exposure for all control system devices and/or systems, ensuring they are  not accessible from the internet https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 .\n  *  Locate control system networks and remote devices behind firewalls and isolating them from business networks.\n  *  When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices."
        }
      ],
      "source": {
        "advisory": "ICSA-24-338-01",
        "discovery": "EXTERNAL"
      },
      "title": "Ruijie Reyee OS Improper Handling of Insufficient Permissions or Privileges",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-46874",
    "datePublished": "2024-12-06T18:18:23.553Z",
    "dateReserved": "2024-11-20T23:41:59.171Z",
    "dateUpdated": "2024-12-06T20:39:58.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43705 (GCVE-0-2024-43705)

Vulnerability from cvelistv5 – Published: 2024-12-28 04:58 – Updated: 2024-12-28 16:38
VLAI
Title
GPU DDK - Security: Exploitable PVRSRVBridgePhysmemWrapExtMem may lead to overwrite read-only file/memory (e.g. libc.so)
Summary
Software installed and run as a non-privileged user can trigger the GPU kernel driver to write to arbitrary read-only system files that have been mapped into application memory.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - CWE - CWE-280: Improper Handling of Insufficient Permissions or Privileges (4.15)
Assigner
Impacted products
Vendor Product Version
Imagination Technologies Graphics DDK Affected: 1.13 RTM , ≤ 24.2 RTM2 (custom)
Unaffected: 24.3 RTM (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-43705",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-28T16:37:55.989751Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-28T16:38:31.462Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Linux",
            "Android"
          ],
          "product": "Graphics DDK",
          "vendor": "Imagination Technologies",
          "versions": [
            {
              "lessThanOrEqual": "24.2 RTM2",
              "status": "affected",
              "version": "1.13 RTM",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "24.3 RTM",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSoftware installed and run as a non-privileged user can \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003etrigger the GPU kernel driver to write to arbitrary read-only system files that have been mapped into application memory.\u003c/span\u003e"
            }
          ],
          "value": "Software installed and run as a non-privileged user can trigger the GPU kernel driver to write to arbitrary read-only system files that have been mapped into application memory."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-679",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC - CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections (Version 3.9)"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE - CWE-280: Improper Handling of Insufficient Permissions or Privileges (4.15)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-28T04:58:08.905Z",
        "orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
        "shortName": "imaginationtech"
      },
      "references": [
        {
          "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "GPU DDK - Security: Exploitable PVRSRVBridgePhysmemWrapExtMem may lead to overwrite read-only file/memory (e.g. libc.so)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
    "assignerShortName": "imaginationtech",
    "cveId": "CVE-2024-43705",
    "datePublished": "2024-12-28T04:58:08.905Z",
    "dateReserved": "2024-08-15T08:21:31.533Z",
    "dateUpdated": "2024-12-28T16:38:31.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation
Implementation

Always check to see if you have successfully accessed a resource or system functionality, and use proper error handling if it is unsuccessful. Do this even when you are operating in a highly privileged mode, because errors or environmental conditions might still cause a failure. For example, environments with highly granular permissions/privilege models, such as Windows or Linux capabilities, can cause unexpected failures.

No CAPEC attack patterns related to this CWE.