CWE-273
Improper Check for Dropped Privileges
Description
The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
Hierarchy (View 1000)
CVEs mapped to this weakness (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6972 | Cri | 0.68 | 9.8 | 0.15 | Mar 22, 2017 | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971. | ||
| CVE-2025-1003 | Hig | 0.55 | — | 0.00 | Feb 4, 2025 | A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability. | ||
| CVE-2026-0099 | Hig | 0.51 | 7.8 | 0.00 | Jun 1, 2026 | In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for… | ||
| CVE-2006-2916 | Hig | 0.51 | 7.8 | 0.00 | Jun 15, 2006 | artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges. | ||
| CVE-2026-32107 | Hig | 0.50 | 8.8 | 0.00 | Apr 17, 2026 | xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and… | ||
| CVE-2026-21882 | — | Hig | 0.48 | 8.4 | 0.00 | Mar 2, 2026 | theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0. | |
| CVE-2026-44073 | Med | 0.26 | 5.0 | 0.00 | May 21, 2026 | Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error conditions. | ||
| CVE-2023-0657 | Low | 0.22 | 3.4 | 0.00 | Nov 17, 2024 | A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions. | ||
| CVE-2024-21848 | 0.00 | — | 0.00 | Apr 5, 2024 | Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel | |||
| CVE-2024-25420 | — | 0.00 | — | 0.01 | Mar 26, 2024 | An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component. | ||
| CVE-2021-37839 | 0.00 | — | 0.01 | Jul 6, 2022 | Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics. | |||
| CVE-2021-36372 | — | 0.00 | — | 0.02 | Nov 19, 2021 | In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked. | ||
| CVE-2019-14879 | — | 0.00 | — | 0.01 | Jan 7, 2020 | A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable). | ||
| CVE-2015-0278 | 0.00 | — | 0.03 | May 18, 2015 | libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. |
- risk 0.68cvss 9.8epss 0.15
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.
- risk 0.55cvss —epss 0.00
A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability.
- risk 0.51cvss 7.8epss 0.00
In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…
- risk 0.51cvss 7.8epss 0.00
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
- risk 0.50cvss 8.8epss 0.00
xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and…
- risk 0.48cvss 8.4epss 0.00
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0.
- risk 0.26cvss 5.0epss 0.00
Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error conditions.
- risk 0.22cvss 3.4epss 0.00
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
- CVE-2024-21848Apr 5, 2024risk 0.00cvss —epss 0.00
Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel
- CVE-2024-25420Mar 26, 2024risk 0.00cvss —epss 0.01
An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.
- CVE-2021-37839Jul 6, 2022risk 0.00cvss —epss 0.01
Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.
- CVE-2021-36372Nov 19, 2021risk 0.00cvss —epss 0.02
In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.
- CVE-2019-14879Jan 7, 2020risk 0.00cvss —epss 0.01
A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).
- CVE-2015-0278May 18, 2015risk 0.00cvss —epss 0.03
libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.