CWE-269
Improper Privilege Management
Description
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-122 · CAPEC-233 · CAPEC-58
CVEs mapped to this weakness (1,039)
Page 48 of 52

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-23118 | | | 0.00 | — | 0.02 | | Jan 12, 2022 | Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller. |
| CVE-2022-23117 | | | 0.00 | — | 0.01 | | Jan 12, 2022 | Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller. |
| CVE-2022-0144 | | — | 0.00 | — | 0.00 | | Jan 11, 2022 | shelljs is vulnerable to Improper Privilege Management |
| CVE-2021-43835 | | | 0.00 | — | 0.01 | | Dec 15, 2021 | Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas… |
| CVE-2021-37941 | | | 0.00 | — | 0.00 | | Dec 8, 2021 | A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a… |
| CVE-2021-28680 | | — | 0.00 | — | 0.01 | | Dec 7, 2021 | The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise (without this… |
| CVE-2021-22966 | | — | 0.00 | — | 0.01 | | Nov 19, 2021 | Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a… |
| CVE-2021-41802 | | — | 0.00 | — | 0.01 | | Oct 8, 2021 | HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user's policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and… |
| CVE-2021-39192 | | | 0.00 | — | 0.01 | | Sep 3, 2021 | Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege… |
| CVE-2021-39167 | | | 0.00 | — | 0.02 | | Aug 26, 2021 | OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke… |
| CVE-2021-39168 | | | 0.00 | — | 0.02 | | Aug 26, 2021 | OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke… |
| CVE-2021-37627 | | | 0.00 | — | 0.01 | | Aug 11, 2021 | Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form… |
| CVE-2021-33335 | | — | 0.00 | — | 0.01 | | Aug 3, 2021 | Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with permission to update/edit users to take over a company administrator user account by editing the… |
| CVE-2021-34802 | | — | 0.00 | — | 0.01 | | Jul 27, 2021 | A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges. |
| CVE-2020-1742 | | | 0.00 | — | 0.00 | | Jun 7, 2021 | An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.… |
| CVE-2021-22118 | | — | 0.00 | — | 0.00 | | May 27, 2021 | In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been… |
| CVE-2021-31155 | | — | 0.00 | — | 0.00 | | May 27, 2021 | Failure to normalize the umask in please before 0.4 allows a local attacker to gain full root privileges if they are allowed to execute at least one command. |
| CVE-2021-21430 | | | 0.00 | — | 0.00 | | May 10, 2021 | OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave… |
| CVE-2021-21428 | | | 0.00 | — | 0.00 | | May 10, 2021 | Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the… |
| CVE-2021-29452 | | | 0.00 | — | 0.01 | | Apr 16, 2021 | a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged… |