VYPR

CWE-842

Placement of User into Incorrect Group

Base | Incomplete

Description

The product or the administrator places a user into an incorrect group.

If the incorrect group has more access or privileges than the intended group, the user might be able to bypass intended security policy to access unexpected resources or perform unexpected actions. The access-control system might not be able to detect malicious usage of this group membership.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (5)

  • CVE-2024-9412 | High | Oct 8, 2024
    risk 0.55 | cvss | epss 0.00

    An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If…

  • CVE-2026-6970 | High | Apr 27, 2026
    risk 0.40 | cvss | epss 0.00

    authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the…

  • CVE-2023-25575 | Feb 28, 2023
    risk 0.00 | cvss | epss 0.01

    API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the `security` option of the `ApiPlatform\Metadata\ApiProperty` attribute can be disclosed to unauthorized users. The problem affects most serialization…

  • CVE-2022-2990 | Sep 13, 2022
    risk 0.00 | cvss | epss 0.00

    An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access…

  • CVE-2022-2989 | Sep 13, 2022
    risk 0.00 | cvss | epss 0.00

    An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access…