VYPR

CWE-269

Improper Privilege Management

ClassDraftLikelihood: Medium

Description

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-122 · CAPEC-233 · CAPEC-58

CVEs mapped to this weakness (1,039)

page 27 of 52
  • CVE-2023-4293HigAug 12, 2023
    risk 0.50cvss 8.8epss 0.01

    The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmpp_update_profile' function. This makes it possible for authenticated attackers,…

  • CVE-2023-2240HigApr 22, 2023
    risk 0.50cvss 8.8epss 0.01

    Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.

  • CVE-2023-1762HigMar 31, 2023
    risk 0.50cvss 8.8epss 0.01

    Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

  • CVE-2022-42735HigFeb 15, 2023
    risk 0.50cvss 8.8epss 0.01

    Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or…

  • CVE-2022-4808HigDec 28, 2022
    risk 0.50cvss 8.8epss 0.00

    Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-38060HigDec 21, 2022
    risk 0.50cvss 8.8epss 0.00

    A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.

  • CVE-2022-39286HigOct 26, 2022
    risk 0.50cvss 8.8epss 0.01

    Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows…

  • CVE-2022-3068HigSep 21, 2022
    risk 0.50cvss 8.8epss 0.00

    Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.

  • CVE-2022-36157HigAug 19, 2022
    risk 0.50cvss 8.8epss 0.01

    XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account.

  • CVE-2022-2063HigJun 13, 2022
    risk 0.50cvss 8.8epss 0.01

    Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+.

  • CVE-2022-1397HigMay 10, 2022
    risk 0.50cvss 8.8epss 0.01

    API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.

  • CVE-2020-23489HigNov 16, 2020
    risk 0.50cvss 8.8epss 0.02

    The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin.

  • CVE-2020-12689HigMay 7, 2020
    risk 0.50cvss 8.8epss 0.02

    An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer…

  • CVE-2019-19023HigMar 20, 2020
    risk 0.50cvss 8.8epss 0.02

    Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform.

  • CVE-2019-11328HigMay 14, 2019
    risk 0.50cvss 8.8epss 0.02

    An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing//…

  • CVE-2019-3849HigMar 26, 2019
    risk 0.50cvss 8.8epss 0.01

    A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.

  • CVE-2018-1000866HigDec 10, 2018
    risk 0.50cvss 8.8epss 0.02

    A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with…

  • CVE-2018-1000865HigDec 10, 2018
    risk 0.50cvss 8.8epss 0.02

    A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins…

  • CVE-2017-10000HigAug 8, 2017
    risk 0.50cvss 7.7epss 0.01

    Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access…

  • CVE-2017-4973HigJun 13, 2017
    risk 0.50cvss 8.8epss 0.01

    An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x…