VYPR

CWE-273

Improper Check for Dropped Privileges

BaseIncompleteLikelihood: Medium

Description

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

If the drop fails, the product will continue to run with the raised privileges, which might provide additional access to unprivileged users.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (14)

  • CVE-2017-6972CriMar 22, 2017
    risk 0.68cvss 9.8epss 0.15

    AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.

  • CVE-2025-1003HigFeb 4, 2025
    risk 0.55cvss epss 0.00

    A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability.

  • CVE-2026-0099HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…

  • CVE-2006-2916HigJun 15, 2006
    risk 0.51cvss 7.8epss 0.00

    artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.

  • CVE-2026-32107HigApr 17, 2026
    risk 0.50cvss 8.8epss 0.00

    xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and…

  • CVE-2026-21882HigMar 2, 2026
    risk 0.48cvss 8.4epss 0.00

    theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0.

  • CVE-2026-44073MedMay 21, 2026
    risk 0.26cvss 5.0epss 0.00

    Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error conditions.

  • CVE-2023-0657LowNov 17, 2024
    risk 0.22cvss 3.4epss 0.00

    A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.

  • CVE-2024-21848Apr 5, 2024
    risk 0.00cvss epss 0.00

    Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel

  • CVE-2024-25420Mar 26, 2024
    risk 0.00cvss epss 0.01

    An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.

  • CVE-2021-37839Jul 6, 2022
    risk 0.00cvss epss 0.01

    Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

  • CVE-2021-36372Nov 19, 2021
    risk 0.00cvss epss 0.02

    In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.

  • CVE-2019-14879Jan 7, 2020
    risk 0.00cvss epss 0.01

    A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).

  • CVE-2015-0278May 18, 2015
    risk 0.00cvss epss 0.03

    libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.