Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5427 vulnerabilities reference this CWE, most recent first.

GHSA-M678-F26J-3HRP

Vulnerability from github – Published: 2022-10-26 22:07 – Updated: 2024-09-24 20:39
VLAI
Summary
Execution with Unnecessary Privileges in JupyterApp
Details

Impact

What kind of vulnerability is it? Who is impacted? We’d like to disclose an arbitrary code execution vulnerability in jupyter_core that stems from jupyter_core executing untrusted files in the current working directory. This vulnerability allows one user to run code as another.

Patches

Has the problem been patched? What versions should users upgrade to? Users should upgrade to jupyter_core>=4.11.2.

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading? No

References

Are there any links users can visit to find out more? Similar advisory in IPython

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyter-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.11.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39286"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-250",
      "CWE-269",
      "CWE-427"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-26T22:07:00Z",
    "nvd_published_at": "2022-10-26T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\nWe\u2019d like to disclose an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in the current working directory. This vulnerability allows one user to run code as another.\n\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\nUsers should upgrade to `jupyter_core\u003e=4.11.2`.\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\nNo\n\n### References\n_Are there any links users can visit to find out more?_\nSimilar advisory in [IPython](https://github.com/advisories/GHSA-pq7m-3gw7-gq5x)\n\n",
  "id": "GHSA-m678-f26j-3hrp",
  "modified": "2024-09-24T20:39:29Z",
  "published": "2022-10-26T22:07:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jupyter/jupyter_core/security/advisories/GHSA-m678-f26j-3hrp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39286"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jupyter/jupyter_core"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-core/PYSEC-2022-42974.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KKMP5OXXIX2QAUNVNJZ5UEQFKDYYJVBA"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIDN7JMLK6AOMBQI4QPSW4MBQGWQ5NIN"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202301-04"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5422"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Execution with Unnecessary Privileges in JupyterApp"
}

GHSA-M67V-RHJQ-4R57

Vulnerability from github – Published: 2024-04-30 15:30 – Updated: 2024-08-15 18:31
VLAI
Details

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-33308"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-30T15:15:53Z",
    "severity": "CRITICAL"
  },
  "details": "An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature.",
  "id": "GHSA-m67v-rhjq-4r57",
  "modified": "2024-08-15T18:31:43Z",
  "published": "2024-04-30T15:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33308"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT/tree/main"
    },
    {
      "type": "WEB",
      "url": "https://github.com/msn-official/CVE-Evidence"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6C9-29MJ-CJH4

Vulnerability from github – Published: 2022-02-10 00:00 – Updated: 2022-05-24 00:01
VLAI
Details

Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21981.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22000"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-09T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21981.",
  "id": "GHSA-m6c9-29mj-cjh4",
  "modified": "2022-05-24T00:01:03Z",
  "published": "2022-02-10T00:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22000"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22000"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22000"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6F5-297G-9HQJ

Vulnerability from github – Published: 2021-12-28 00:00 – Updated: 2022-07-13 00:01
VLAI
Details

Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-45336"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-27T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges.",
  "id": "GHSA-m6f5-297g-9hqj",
  "modified": "2022-07-13T00:01:50Z",
  "published": "2021-12-28T00:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45336"
    },
    {
      "type": "WEB",
      "url": "https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5"
    },
    {
      "type": "WEB",
      "url": "https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6F8-HJRV-MW5F

Vulnerability from github – Published: 2023-03-27 22:17 – Updated: 2023-03-27 22:17
VLAI
Summary
Apiman vulnerable to permissions bypass due to missing check on API key URL
Details

Impact

Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL. The URL includes Organisation ID, Client ID, and Client Version of the targeted non-permitted resource, and each of these can have arbitrary values.

While not trivial to exploit, it could be achieved by brute-forcing or guessing common names.

Access to the non-permitted API Keys could allow use of other users' resources without their permission (depending on the specifics of configuration, such as whether an API key is the only form of security).

Patches

Apiman 3.1.0.Final and later resolves this issue.

Workarounds

Only provide Apiman Manager accounts to known users, do not allow anonymous/unknown users to create an Apiman Manager account.

Note that this does not affect the Apiman Gateway.

References

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 3.0.0.Final"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "io.apiman:apiman-manager-api-rest-impl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.0.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-28640"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-280",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-27T22:17:57Z",
    "nvd_published_at": "2023-03-27T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nDue to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL. The URL includes Organisation ID, Client ID, and Client Version of the targeted non-permitted resource, and each of these can have arbitrary values.\n\nWhile not trivial to exploit, it could be achieved by brute-forcing or guessing common names.\n\nAccess to the non-permitted API Keys could allow use of other users\u0027 resources without their permission (depending on the specifics of configuration, such as whether an API key is the only form of security).\n\n### Patches\n\nApiman 3.1.0.Final and later resolves this issue. \n\n### Workarounds\n\nOnly provide Apiman Manager accounts to known users, do not allow anonymous/unknown users to create an Apiman Manager account.\n\nNote that this does **not** affect the Apiman Gateway.\n\n### References\n\n* [Blog post disclosing issue](https://www.apiman.io/blog/potential-permissions-bypass-disclosure/)\n",
  "id": "GHSA-m6f8-hjrv-mw5f",
  "modified": "2023-03-27T22:17:57Z",
  "published": "2023-03-27T22:17:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/apiman/apiman/security/advisories/GHSA-m6f8-hjrv-mw5f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28640"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apiman/apiman"
    },
    {
      "type": "WEB",
      "url": "https://www.apiman.io/blog/potential-permissions-bypass-disclosure"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apiman vulnerable to permissions bypass due to missing check on API key URL"
}

GHSA-M6J9-2WQP-CHWC

Vulnerability from github – Published: 2026-06-02 00:31 – Updated: 2026-06-02 00:31
VLAI
Details

In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-0016"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-01T22:16:19Z",
    "severity": "LOW"
  },
  "details": "In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-m6j9-2wqp-chwc",
  "modified": "2026-06-02T00:31:55Z",
  "published": "2026-06-02T00:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0016"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/docs/security/bulletin/2026/2026-06-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6JM-MWMF-G97V

Vulnerability from github – Published: 2021-12-16 00:00 – Updated: 2022-07-13 00:01
VLAI
Details

Product: AndroidVersions: Android kernelAndroid ID: A-199809304References: N/A

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39644"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Product: AndroidVersions: Android kernelAndroid ID: A-199809304References: N/A",
  "id": "GHSA-m6jm-mwmf-g97v",
  "modified": "2022-07-13T00:01:38Z",
  "published": "2021-12-16T00:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39644"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2021-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6M2-GM49-GP5R

Vulnerability from github – Published: 2022-05-24 17:16 – Updated: 2022-05-24 17:16
VLAI
Details

GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-12275"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-29T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.",
  "id": "GHSA-m6m2-gm49-gp5r",
  "modified": "2022-05-24T17:16:52Z",
  "published": "2022-05-24T17:16:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12275"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M6MV-6JVC-P4XV

Vulnerability from github – Published: 2023-10-25 18:32 – Updated: 2024-04-04 08:54
VLAI
Details

The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39732"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-25T18:17:29Z",
    "severity": "HIGH"
  },
  "details": "The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.",
  "id": "GHSA-m6mv-6jvc-p4xv",
  "modified": "2024-04-04T08:54:45Z",
  "published": "2023-10-25T18:32:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39732"
    },
    {
      "type": "WEB",
      "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39732.md"
    },
    {
      "type": "WEB",
      "url": "https://liff.line.me/1657574837-elb6bNQj"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M6Q7-68X5-3882

Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2022-05-24 17:22
VLAI
Details

An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1346"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-14T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations, aka \u0027Windows Modules Installer Elevation of Privilege Vulnerability\u0027.",
  "id": "GHSA-m6q7-68x5-3882",
  "modified": "2022-05-24T17:22:59Z",
  "published": "2022-05-24T17:22:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1346"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1346"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.