Common Weakness Enumeration

CWE-648

Allowed

Incorrect Use of Privileged APIs

Abstraction: Base · Status: Incomplete

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

113 vulnerabilities reference this CWE, most recent first.

GHSA-MQ5Q-GPGV-PWXW

Vulnerability from github – Published: 2022-12-28 15:30 – Updated: 2023-01-10 15:41
VLAI
Summary
usememos/memos Incorrect Use of Privileged APIs vulnerability
Details

In usememos/memos 0.9.0 and prior, a user can archive any private memos, delete any shortcut, and edit any shortcut from other users via API.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.9.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/usememos/memos"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-4805"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-30T19:58:45Z",
    "nvd_published_at": "2022-12-28T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In usememos/memos 0.9.0 and prior, a user can archive any private memos, delete any shortcut, and edit any shortcut from other users via API.",
  "id": "GHSA-mq5q-gpgv-pwxw",
  "modified": "2023-01-10T15:41:58Z",
  "published": "2022-12-28T15:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4805"
    },
    {
      "type": "WEB",
      "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/usememos/memos"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/b03f6a9b-e49b-42d6-a318-1d7afd985873"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "usememos/memos Incorrect Use of Privileged APIs vulnerability"
}

GHSA-P76J-345F-QXPW

Vulnerability from github – Published: 2025-02-11 09:30 – Updated: 2025-07-02 18:30
VLAI
Details

In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active Directory. The requests when crafted correctly would return specific information from user profiles (Email address/UPN and Display name) from one endpoint and group information ( Group ID and Display name) from the other. This vulnerability does not expose data within the Octopus Server product itself.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0589"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-11T09:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active Directory. The requests when crafted correctly would return specific information from user profiles (Email address/UPN and Display name) from one endpoint and group information ( Group ID and Display name) from the other. This vulnerability does not expose data within the Octopus Server product itself.",
  "id": "GHSA-p76j-345f-qxpw",
  "modified": "2025-07-02T18:30:21Z",
  "published": "2025-02-11T09:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0589"
    },
    {
      "type": "WEB",
      "url": "https://advisories.octopus.com/post/2025/sa2025-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-P7QM-4248-G65P

Vulnerability from github – Published: 2026-04-16 21:31 – Updated: 2026-06-30 03:36
VLAI
Details

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-54502"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-16T20:16:37Z",
    "severity": "HIGH"
  },
  "details": "Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.",
  "id": "GHSA-p7qm-4248-g65p",
  "modified": "2026-06-30T03:36:17Z",
  "published": "2026-04-16T21:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54502"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-54502"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459023"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-54502.json"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7054.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-PM44-X5X7-24C4

Vulnerability from github – Published: 2026-02-09 12:30 – Updated: 2026-06-05 14:25
VLAI
Summary
Apache Airflow Has an Authorization Bypass That Allows Unauthorized Task Log Access
Details

Vulnerability Overview

An authorization bypass vulnerability exists in Apache Airflow that allows authenticated users to access task execution logs without the required permissions.

The Flaw

The vulnerability affects environments using custom roles or granular permission settings. Normally, Airflow allows administrators to separate "Task" access (viewing the task state) from "Task Log" access (viewing the console output/logs).

In affected versions, the permission check for retrieving logs is insufficient. An authenticated user who has been granted access to view Tasks can successfully request and view Task Logs, even if they do not have the specific can_read permission for Logs.

Impact

  • Confidentiality Loss: Task logs often contain sensitive operational data, debugging information, or potentially leaked secrets (environment variables, connection strings) that should not be visible to all users with basic task access.
  • Broken Access Control: This bypasses the intended security model for restricted user roles.

Affected Versions

  • Apache Airflow 3.1.0 through 3.1.6

Patches

Users should upgrade to Apache Airflow 3.1.7 or later, which enforces the correct permission checks for log access.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-22922"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-11T21:40:06Z",
    "nvd_published_at": "2026-02-09T11:16:13Z",
    "severity": "MODERATE"
  },
  "details": "## Vulnerability Overview\n\nAn authorization bypass vulnerability exists in Apache Airflow that allows authenticated users to access task execution logs without the required permissions.\n\n## The Flaw\n\nThe vulnerability affects environments using custom roles or granular permission settings. Normally, Airflow allows administrators to separate \"Task\" access (viewing the task state) from \"Task Log\" access (viewing the console output/logs).\n\nIn affected versions, the permission check for retrieving logs is insufficient. An authenticated user who has been granted access to view Tasks can successfully request and view Task Logs, even if they do not have the specific `can_read` permission for Logs.\n\n## Impact\n\n- **Confidentiality Loss:** Task logs often contain sensitive operational data, debugging information, or potentially leaked secrets (environment variables, connection strings) that should not be visible to all users with basic task access.\n- **Broken Access Control:** This bypasses the intended security model for restricted user roles.\n\n## Affected Versions\n\n- Apache Airflow 3.1.0 through 3.1.6\n\n## Patches\n\nUsers should upgrade to Apache Airflow **3.1.7** or later, which enforces the correct permission checks for log access.",
  "id": "GHSA-pm44-x5x7-24c4",
  "modified": "2026-06-05T14:25:20Z",
  "published": "2026-02-09T12:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22922"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/60412"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/airflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-11.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/gdb7vffhpmrj5hp1j0oj1j13o4vmsq40"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/02/09/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Airflow Has an Authorization Bypass That Allows Unauthorized Task Log Access"
}

GHSA-PWFV-3CVG-9M4C

Vulnerability from github – Published: 2023-04-12 20:36 – Updated: 2025-02-06 20:02
VLAI
Summary
org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors
Details

Impact

The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking rights. Example of such attack:

{{velocity}}
$doc.setContent('{{velocity}}$xcontext.context.authorReference{{/velocity}}')
$doc.authors.setContentAuthor('xwiki:XWiki.superadmin')
$doc.getRenderedContent()
{{/velocity}}

Patches

The problem has been patched in XWiki 14.10 and 14.4.7 by returning a safe script API.

Workarounds

There no easy workaround apart of upgrading.

References

  • https://jira.xwiki.org/browse/XWIKI-20380
  • https://github.com/xwiki/xwiki-platform/commit/905cdd7c421dbf8c565557cdc773ab1aa9028f83

For more information

If you have any questions or comments about this advisory: * Open an issue in Jira * Email us at security ML

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-oldcore"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.5"
            },
            {
              "fixed": "14.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-oldcore"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.4.1"
            },
            {
              "fixed": "14.4.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-29507"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-12T20:36:28Z",
    "nvd_published_at": "2023-04-16T07:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nThe Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking rights. \nExample of such attack:\n\n```\n{{velocity}}\n$doc.setContent(\u0027{{velocity}}$xcontext.context.authorReference{{/velocity}}\u0027)\n$doc.authors.setContentAuthor(\u0027xwiki:XWiki.superadmin\u0027)\n$doc.getRenderedContent()\n{{/velocity}}\n```\n\n### Patches\nThe problem has been patched in XWiki 14.10 and 14.4.7 by returning a safe script API.\n\n### Workarounds\nThere no easy workaround apart of upgrading. \n\n### References\n\n  * https://jira.xwiki.org/browse/XWIKI-20380\n  * https://github.com/xwiki/xwiki-platform/commit/905cdd7c421dbf8c565557cdc773ab1aa9028f83\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira](https://jira.xwiki.org)\n* Email us at [security ML](mailto:security@xwiki.org)",
  "id": "GHSA-pwfv-3cvg-9m4c",
  "modified": "2025-02-06T20:02:23Z",
  "published": "2023-04-12T20:36:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pwfv-3cvg-9m4c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29507"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/905cdd7c421dbf8c565557cdc773ab1aa9028f83"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-20380"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors"
}

GHSA-Q58C-X76H-3JHC

Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-04-04 01:52
VLAI
Details

A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-14811"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-03T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",
  "id": "GHSA-q58c-x76h-3jhc",
  "modified": "2024-04-04T01:52:35Z",
  "published": "2022-05-24T16:55:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14811"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2019:2824"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2594"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Sep/15"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202004-03"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4518"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R3V5-2GRC-429H

Vulnerability from github – Published: 2026-04-10 00:30 – Updated: 2026-04-10 20:20
VLAI
Summary
Duplicate Advisory: OpenClaw Gateway: RCE and Privilege Escalation from operator.pairing to operator.admin via device.pair.approve
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-hf68-49fm-59cq. This link is maintained to preserve external references.

Original Description

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation to escalate privileges to operator.admin and achieve remote code execution on the Node infrastructure.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.3.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-10T20:20:07Z",
    "nvd_published_at": "2026-04-09T22:16:33Z",
    "severity": "HIGH"
  },
  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hf68-49fm-59cq. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient scope validation to escalate privileges to operator.admin and achieve remote code execution on the Node infrastructure.",
  "id": "GHSA-r3v5-2grc-429h",
  "modified": "2026-04-10T20:20:07Z",
  "published": "2026-04-10T00:30:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hf68-49fm-59cq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35639"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/fc2d29ea926f47c428c556e92ec981441228d2a4"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-device-pair-approve-scope-validation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Duplicate Advisory: OpenClaw Gateway: RCE and Privilege Escalation from operator.pairing to operator.admin via device.pair.approve",
  "withdrawn": "2026-04-10T20:20:07Z"
}

GHSA-R734-GFR8-7QJ8

Vulnerability from github – Published: 2025-04-17 15:32 – Updated: 2025-04-17 15:32
VLAI
Details

Incorrect Use of Privileged APIs vulnerability in OpenText™ Operations Bridge Manager, OpenText™ Operations Bridge Suite (Containerized), OpenText™ UCMDB ( Classic and Containerized) allows Privilege Escalation. 

The vulnerability could allow authenticated attackers to elevate user privileges. This issue affects Operations Bridge Manager: through 2021.05; Operations Bridge Suite (Containerized): through 2021.05; UCMDB ( Classic and Containerized): through 2021.05.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26323"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-17T15:15:45Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Use of Privileged APIs vulnerability in OpenText\u2122 Operations Bridge Manager, OpenText\u2122 Operations Bridge Suite (Containerized), OpenText\u2122 UCMDB ( Classic and Containerized) allows Privilege Escalation.\u00a0\n\nThe vulnerability could allow\u00a0authenticated attackers\u00a0to elevate user privileges.\u00a0This issue affects Operations Bridge Manager: through 2021.05; Operations Bridge Suite (Containerized): through 2021.05; UCMDB ( Classic and Containerized): through 2021.05.",
  "id": "GHSA-r734-gfr8-7qj8",
  "modified": "2025-04-17T15:32:36Z",
  "published": "2025-04-17T15:32:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26323"
    },
    {
      "type": "WEB",
      "url": "https://portal.microfocus.com/s/article/KM000039040?language=en_US"
    },
    {
      "type": "WEB",
      "url": "https://portal.microfocus.com/s/article/KM000039044?language=en_US"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:C/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-R95W-889Q-X2GX

Vulnerability from github – Published: 2024-09-18 14:26 – Updated: 2024-11-18 16:27
VLAI
Summary
org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions
Details

Impact

It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1.

Patches

The vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. The patch consists in checking properly the rights of the user before performing any action on the filters.

Workarounds

It's possible to fix manually the vulnerability by editing the document XWiki.Notifications.Code.NotificationPreferenceService to apply the changes performed in this commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4.

References

  • JIRA ticket: https://jira.xwiki.org/browse/XWIKI-20337
  • Commit: e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4

For more information

If you have any questions or comments about this advisory: * Open an issue in Jira XWiki.org * Email us at Security Mailing List

Attribution

This vulnerability has been reported on Intigriti by @floerer

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-notifications-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "13.2-rc-1"
            },
            {
              "fixed": "14.10.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-notifications-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0-rc-1"
            },
            {
              "fixed": "15.5.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-notifications-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.6-rc-1"
            },
            {
              "fixed": "15.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-46978"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-18T14:26:16Z",
    "nvd_published_at": "2024-09-18T18:15:06Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nIt\u0027s possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing notifications on some pages because of this.\nThis vulnerability is present in XWiki since 13.2-rc-1. \n\n### Patches\n\nThe vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. The patch consists in checking properly the rights of the user before performing any action on the filters. \n\n### Workarounds\n\nIt\u0027s possible to fix manually the vulnerability by editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes performed in this commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4.\n\n### References\n\n  * JIRA ticket: https://jira.xwiki.org/browse/XWIKI-20337\n  * Commit: e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)\n\n### Attribution\n\nThis vulnerability has been reported on Intigriti by @floerer",
  "id": "GHSA-r95w-889q-x2gx",
  "modified": "2024-11-18T16:27:14Z",
  "published": "2024-09-18T14:26:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r95w-889q-x2gx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46978"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/4771573dac88e0cf04e30f1a8dfa183c048d503a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/99193a7e9a203b5bb8b2583ac96f5f4d56b9aa1a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/b9180b874a22e383ad5f2cd9e25bfed4594d4955"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-20337"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions"
}

GHSA-RV26-4V2M-CH64

Vulnerability from github – Published: 2025-01-31 09:31 – Updated: 2025-01-31 09:31
VLAI
Details

Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53007"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-31T08:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call.",
  "id": "GHSA-rv26-4v2m-ch64",
  "modified": "2025-01-31T09:31:49Z",
  "published": "2025-01-31T09:31:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53007"
    },
    {
      "type": "WEB",
      "url": "https://www.bentley.com/advisories/be-2024-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Before calling privileged APIs, always ensure that the assumptions made by the privileged code hold true prior to making the call.

Mitigation
Architecture and Design

Know architecture and implementation weaknesses of the privileged APIs and make sure to account for these weaknesses before calling the privileged APIs to ensure that they can be called safely.

Mitigation
Implementation

If privileged APIs make certain assumptions about data, context or state validity that are passed by the caller, the calling code must ensure that these assumptions have been validated prior to making the call.

Mitigation
Implementation

If privileged APIs do not shed their privilege prior to returning to the calling code, then calling code needs to shed these privileges immediately and safely right after the call to the privileged APIs. In particular, the calling code needs to ensure that a privileged thread of execution will never be returned to the user or made available to user-controlled processes.

Mitigation
Implementation

Only call privileged APIs from safe, consistent and expected state.

Mitigation
Implementation

Ensure that a failure or an error will not leave a system in a state where privileges are not properly shed and privilege escalation is possible (i.e. fail securely with regards to handling of privileges).

CAPEC-107: Cross Site Tracing

Cross Site Tracing (XST) enables an adversary to steal the victim's session cookie and possibly other authentication credentials transmitted in the header of the HTTP request when the victim's browser communicates to a destination system's web server.

CAPEC-234: Hijacking a privileged process

An adversary gains control of a process that is assigned elevated privileges in order to execute arbitrary code with those privileges. Some processes are assigned elevated privileges on an operating system, usually through association with a particular user, group, or role. If an attacker can hijack this process, they will be able to assume its level of privilege in order to execute their own code.