CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5427 vulnerabilities reference this CWE, most recent first.
GHSA-M678-F26J-3HRP
Vulnerability from github – Published: 2022-10-26 22:07 – Updated: 2024-09-24 20:39Impact
What kind of vulnerability is it? Who is impacted?
We’d like to disclose an arbitrary code execution vulnerability in jupyter_core that stems from jupyter_core executing untrusted files in the current working directory. This vulnerability allows one user to run code as another.
Patches
Has the problem been patched? What versions should users upgrade to?
Users should upgrade to jupyter_core>=4.11.2.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading? No
References
Are there any links users can visit to find out more? Similar advisory in IPython
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "jupyter-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.11.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-39286"
],
"database_specific": {
"cwe_ids": [
"CWE-250",
"CWE-269",
"CWE-427"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-26T22:07:00Z",
"nvd_published_at": "2022-10-26T20:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\nWe\u2019d like to disclose an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in the current working directory. This vulnerability allows one user to run code as another.\n\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\nUsers should upgrade to `jupyter_core\u003e=4.11.2`.\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\nNo\n\n### References\n_Are there any links users can visit to find out more?_\nSimilar advisory in [IPython](https://github.com/advisories/GHSA-pq7m-3gw7-gq5x)\n\n",
"id": "GHSA-m678-f26j-3hrp",
"modified": "2024-09-24T20:39:29Z",
"published": "2022-10-26T22:07:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jupyter/jupyter_core/security/advisories/GHSA-m678-f26j-3hrp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39286"
},
{
"type": "WEB",
"url": "https://github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283"
},
{
"type": "PACKAGE",
"url": "https://github.com/jupyter/jupyter_core"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-core/PYSEC-2022-42974.yaml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KKMP5OXXIX2QAUNVNJZ5UEQFKDYYJVBA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIDN7JMLK6AOMBQI4QPSW4MBQGWQ5NIN"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202301-04"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5422"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Execution with Unnecessary Privileges in JupyterApp"
}
GHSA-M67V-RHJQ-4R57
Vulnerability from github – Published: 2024-04-30 15:30 – Updated: 2024-08-15 18:31An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature.
{
"affected": [],
"aliases": [
"CVE-2024-33308"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-30T15:15:53Z",
"severity": "CRITICAL"
},
"details": "An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature.",
"id": "GHSA-m67v-rhjq-4r57",
"modified": "2024-08-15T18:31:43Z",
"published": "2024-04-30T15:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33308"
},
{
"type": "WEB",
"url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT"
},
{
"type": "WEB",
"url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT/tree/main"
},
{
"type": "WEB",
"url": "https://github.com/msn-official/CVE-Evidence"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M6C9-29MJ-CJH4
Vulnerability from github – Published: 2022-02-10 00:00 – Updated: 2022-05-24 00:01Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21981.
{
"affected": [],
"aliases": [
"CVE-2022-22000"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-09T17:15:00Z",
"severity": "HIGH"
},
"details": "Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21981.",
"id": "GHSA-m6c9-29mj-cjh4",
"modified": "2022-05-24T00:01:03Z",
"published": "2022-02-10T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22000"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22000"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22000"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M6F5-297G-9HQJ
Vulnerability from github – Published: 2021-12-28 00:00 – Updated: 2022-07-13 00:01Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges.
{
"affected": [],
"aliases": [
"CVE-2021-45336"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-27T14:15:00Z",
"severity": "HIGH"
},
"details": "Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges.",
"id": "GHSA-m6f5-297g-9hqj",
"modified": "2022-07-13T00:01:50Z",
"published": "2021-12-28T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45336"
},
{
"type": "WEB",
"url": "https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5"
},
{
"type": "WEB",
"url": "https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M6F8-HJRV-MW5F
Vulnerability from github – Published: 2023-03-27 22:17 – Updated: 2023-03-27 22:17Impact
Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL. The URL includes Organisation ID, Client ID, and Client Version of the targeted non-permitted resource, and each of these can have arbitrary values.
While not trivial to exploit, it could be achieved by brute-forcing or guessing common names.
Access to the non-permitted API Keys could allow use of other users' resources without their permission (depending on the specifics of configuration, such as whether an API key is the only form of security).
Patches
Apiman 3.1.0.Final and later resolves this issue.
Workarounds
Only provide Apiman Manager accounts to known users, do not allow anonymous/unknown users to create an Apiman Manager account.
Note that this does not affect the Apiman Gateway.
References
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c 3.0.0.Final"
},
"package": {
"ecosystem": "Maven",
"name": "io.apiman:apiman-manager-api-rest-impl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-28640"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-280",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-27T22:17:57Z",
"nvd_published_at": "2023-03-27T21:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nDue to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL. The URL includes Organisation ID, Client ID, and Client Version of the targeted non-permitted resource, and each of these can have arbitrary values.\n\nWhile not trivial to exploit, it could be achieved by brute-forcing or guessing common names.\n\nAccess to the non-permitted API Keys could allow use of other users\u0027 resources without their permission (depending on the specifics of configuration, such as whether an API key is the only form of security).\n\n### Patches\n\nApiman 3.1.0.Final and later resolves this issue. \n\n### Workarounds\n\nOnly provide Apiman Manager accounts to known users, do not allow anonymous/unknown users to create an Apiman Manager account.\n\nNote that this does **not** affect the Apiman Gateway.\n\n### References\n\n* [Blog post disclosing issue](https://www.apiman.io/blog/potential-permissions-bypass-disclosure/)\n",
"id": "GHSA-m6f8-hjrv-mw5f",
"modified": "2023-03-27T22:17:57Z",
"published": "2023-03-27T22:17:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/apiman/apiman/security/advisories/GHSA-m6f8-hjrv-mw5f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28640"
},
{
"type": "PACKAGE",
"url": "https://github.com/apiman/apiman"
},
{
"type": "WEB",
"url": "https://www.apiman.io/blog/potential-permissions-bypass-disclosure"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apiman vulnerable to permissions bypass due to missing check on API key URL"
}
GHSA-M6J9-2WQP-CHWC
Vulnerability from github – Published: 2026-06-02 00:31 – Updated: 2026-06-02 00:31In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2026-0016"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T22:16:19Z",
"severity": "LOW"
},
"details": "In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-m6j9-2wqp-chwc",
"modified": "2026-06-02T00:31:55Z",
"published": "2026-06-02T00:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0016"
},
{
"type": "WEB",
"url": "https://source.android.com/docs/security/bulletin/2026/2026-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M6JM-MWMF-G97V
Vulnerability from github – Published: 2021-12-16 00:00 – Updated: 2022-07-13 00:01Product: AndroidVersions: Android kernelAndroid ID: A-199809304References: N/A
{
"affected": [],
"aliases": [
"CVE-2021-39644"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-15T19:15:00Z",
"severity": "CRITICAL"
},
"details": "Product: AndroidVersions: Android kernelAndroid ID: A-199809304References: N/A",
"id": "GHSA-m6jm-mwmf-g97v",
"modified": "2022-07-13T00:01:38Z",
"published": "2021-12-16T00:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39644"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2021-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M6M2-GM49-GP5R
Vulnerability from github – Published: 2022-05-24 17:16 – Updated: 2022-05-24 17:16GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.
{
"affected": [],
"aliases": [
"CVE-2020-12275"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-29T17:15:00Z",
"severity": "MODERATE"
},
"details": "GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.",
"id": "GHSA-m6m2-gm49-gp5r",
"modified": "2022-05-24T17:16:52Z",
"published": "2022-05-24T17:16:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12275"
},
{
"type": "WEB",
"url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-M6MV-6JVC-P4XV
Vulnerability from github – Published: 2023-10-25 18:32 – Updated: 2024-04-04 08:54The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
{
"affected": [],
"aliases": [
"CVE-2023-39732"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-25T18:17:29Z",
"severity": "HIGH"
},
"details": "The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.",
"id": "GHSA-m6mv-6jvc-p4xv",
"modified": "2024-04-04T08:54:45Z",
"published": "2023-10-25T18:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39732"
},
{
"type": "WEB",
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39732.md"
},
{
"type": "WEB",
"url": "https://liff.line.me/1657574837-elb6bNQj"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M6Q7-68X5-3882
Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2022-05-24 17:22An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2020-1346"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-14T23:15:00Z",
"severity": "MODERATE"
},
"details": "An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations, aka \u0027Windows Modules Installer Elevation of Privilege Vulnerability\u0027.",
"id": "GHSA-m6q7-68x5-3882",
"modified": "2022-05-24T17:22:59Z",
"published": "2022-05-24T17:22:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1346"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1346"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.