VYPR

CWE-271

Privilege Dropping / Lowering Errors

Abstraction: Class | Status: Incomplete | Likelihood: High

Description

The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.

In some contexts, a system executing with elevated permissions will hand off a process/file/etc. to another process or user. If the privileges of an entity are not reduced, then elevated privileges are spread throughout a system and possibly to an attacker.
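As an added example (not code from the VYPR page or from any of the projects listed on it), here is a checked privilege drop in C that demonstrates the weakness's hardened form: supplementary groups, gid and uid are dropped in the order that cannot leave a gap, every call's return value is treated as fatal, and the process verifies afterwards that root cannot be regained. The target ids are assumed to be the invoking user's real uid/gid so it runs without root.

```c
// Added example: a privilege drop that fails closed. Not from the page.
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 on success, -1 on any failure. On -1 the caller must abort
 * rather than continue with partially dropped privileges. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups first: after the uid drop this is no longer allowed.
     * Only root may call setgroups(), so it is skipped when not root. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0) {
        fprintf(stderr, "setgroups: %s\n", strerror(errno));
        return -1;
    }
    /* Group before user: once the uid is dropped, setresgid() would fail. */
    if (setresgid(gid, gid, gid) != 0) {
        fprintf(stderr, "setresgid: %s\n", strerror(errno));
        return -1;
    }
    /* Real, effective and saved uid all set, so nothing is left to restore. */
    if (setresuid(uid, uid, uid) != 0) {
        fprintf(stderr, "setresuid: %s\n", strerror(errno));
        return -1;
    }
    /* Verify the drop: ids must match, and if we left root, coming back must fail. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;   /* still able to become root: saved uid was not cleared */
    return 0;
}

int main(void)
{
    uid_t uid = getuid();   /* assumption: drop to the invoking user's real ids */
    gid_t gid = getgid();
    if (drop_privileges(uid, gid) != 0) {
        fputs("privilege drop failed; refusing to continue\n", stderr);
        return 1;
    }
    printf("running as uid=%u gid=%u\n", (unsigned)uid, (unsigned)gid);
    return 0;
}
```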

Hierarchy (View 1000)

Parents

CVEs mapped to this weakness (8)

  • CVE-2026-44477 | Critical | May 28, 2026
    risk 0.57 | CVSS 9.9 | EPSS 0.00

    CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session…

  • CVE-2025-23395 | High | May 26, 2025
    risk 0.51 | CVSS 7.8 | EPSS 0.00

    Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with `root` ownership, the invoking user's (real) group ownership and file mode 0644. All…

  • CVE-2025-53819 | High | Jul 14, 2025
    risk 0.44 | CVSS 7.9 | EPSS 0.00

    Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available.

  • CVE-2026-35535 | High | Apr 3, 2026
    risk 0.41 | CVSS 7.4 | EPSS 0.00

    In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

  • CVE-2024-35179 | Medium | May 15, 2024
    risk 0.37 | CVSS 6.8 | EPSS 0.01

    Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using `RUN_AS_USER`, the specified user (and therefore, web interface admins) can read arbitrary files as root. This issue affects admins who have set up to run stalwart with `RUN_AS_USER` who…

  • CVE-2026-25704 | Medium | Mar 30, 2026
    risk 0.31 | CVSS n/a | EPSS 0.00

    A Privilege Dropping / Lowering Errors / Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic. This issue affects cosmic-greeter…

  • CVE-2023-22648 | Jun 1, 2023
    risk 0.00 | CVSS n/a | EPSS 0.00

    An Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in to the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on…

  • CVE-2019-11243 | Apr 22, 2019
    risk 0.00 | CVSS n/a | EPSS 0.01

    In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not…