CWE-250
AllowedExecution with Unnecessary Privileges
Abstraction: Base · Status: Draft
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
575 vulnerabilities reference this CWE, most recent first.
CVE-2020-10290 (GCVE-0-2020-10290)
Vulnerability from cvelistv5 – Published: 2020-08-21 15:05 – Updated: 2024-09-16 19:15- CWE-250 - (Execution with Unnecessary Privileges)
| URL | Tags |
|---|---|
| https://github.com/aliasrobotics/RVD/issues/1495 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Universal Robots | URx |
Affected:
unspecified
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/aliasrobotics/RVD/issues/1495"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "URx",
"vendor": "Universal Robots",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Victor Mayoral Vilches and Unai Ayucar Carbajo (Alias Robotics)"
}
],
"datePublic": "2020-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate how a malicious actor could \u0027cook\u0027 a custom URCap that when deployed by the user (intendedly or unintendedly) compromises the system"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 (Execution with Unnecessary Privileges)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-21T15:05:19.000Z",
"orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
"shortName": "Alias"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/aliasrobotics/RVD/issues/1495"
}
],
"source": {
"defect": [
"RVD#1495"
],
"discovery": "EXTERNAL"
},
"title": "RVD#1495: Universal Robots URCaps execute with unbounded privileges",
"x_generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@aliasrobotics.com",
"DATE_PUBLIC": "2020-08-21T15:02:38 +00:00",
"ID": "CVE-2020-10290",
"STATE": "PUBLIC",
"TITLE": "RVD#1495: Universal Robots URCaps execute with unbounded privileges"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "URx",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Universal Robots"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Victor Mayoral Vilches and Unai Ayucar Carbajo (Alias Robotics)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate how a malicious actor could \u0027cook\u0027 a custom URCap that when deployed by the user (intendedly or unintendedly) compromises the system"
}
]
},
"generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "medium",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 (Execution with Unnecessary Privileges)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/aliasrobotics/RVD/issues/1495",
"refsource": "CONFIRM",
"url": "https://github.com/aliasrobotics/RVD/issues/1495"
}
]
},
"source": {
"defect": [
"RVD#1495"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
"assignerShortName": "Alias",
"cveId": "CVE-2020-10290",
"datePublished": "2020-08-21T15:05:19.977Z",
"dateReserved": "2020-03-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:15:10.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10056 (GCVE-0-2020-10056)
Vulnerability from cvelistv5 – Published: 2020-09-09 18:10 – Updated: 2024-08-04 10:50- CWE-250 - Execution with Unnecessary Privileges
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens AG | License Management Utility (LMU) |
Affected:
All versions < V2.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "License Management Utility (LMU)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in License Management Utility (LMU) (All versions \u003c V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-23T22:01:37.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-10056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "License Management Utility (LMU)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.4"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in License Management Utility (LMU) (All versions \u003c V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250: Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-10056",
"datePublished": "2020-09-09T18:10:49.000Z",
"dateReserved": "2020-03-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:50:57.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7252 (GCVE-0-2020-7252)
Vulnerability from cvelistv5 – Published: 2020-02-17 06:35 – Updated: 2024-08-04 09:25- CWE-250 - Execution with Unnecessary Privileges
| URL | Tags |
|---|---|
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| McAfee, LLC | Data Exchange Layer (DXL) Broker |
Affected:
6.0.x , ≤ 6.0.0
(custom)
Affected: 5.0.x , ≤ 5.0.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:48.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10307"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Exchange Layer (DXL) Broker",
"vendor": "McAfee, LLC",
"versions": [
{
"lessThanOrEqual": "6.0.0",
"status": "affected",
"version": "6.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.0.2",
"status": "affected",
"version": "5.0.x",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T06:35:13.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10307"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Unquoted service executable path",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2020-7252",
"STATE": "PUBLIC",
"TITLE": "Unquoted service executable path"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Exchange Layer (DXL) Broker",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "6.0.x",
"version_value": "6.0.0"
},
{
"version_affected": "\u003c=",
"version_name": "5.0.x",
"version_value": "5.0.2"
}
]
}
}
]
},
"vendor_name": "McAfee, LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10307",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10307"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2020-7252",
"datePublished": "2020-02-17T06:35:14.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:25:48.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2023 (GCVE-0-2020-2023)
Vulnerability from cvelistv5 – Published: 2020-06-10 17:30 – Updated: 2024-09-17 01:15- CWE-250 - Execution with Unnecessary Privileges
| URL | Tags |
|---|---|
| https://github.com/kata-containers/runtime/pull/2487 | x_refsource_MISC |
| https://github.com/kata-containers/runtime/pull/2477 | x_refsource_MISC |
| https://github.com/kata-containers/runtime/issues/2488 | x_refsource_MISC |
| https://github.com/kata-containers/agent/issues/791 | x_refsource_MISC |
| https://github.com/kata-containers/agent/pull/792 | x_refsource_MISC |
| https://github.com/kata-containers/runtime/releas… | x_refsource_MISC |
| https://github.com/kata-containers/runtime/releas… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Kata Containers | Kata Containers |
Affected:
1.11 , < 1.11.1
(custom)
Affected: 1.10 , < 1.10.5 (custom) Affected: 1 , ≤ 1.9 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kata-containers/runtime/pull/2487"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kata-containers/runtime/pull/2477"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kata-containers/runtime/issues/2488"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kata-containers/agent/issues/791"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kata-containers/agent/pull/792"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kata Containers",
"vendor": "Kata Containers",
"versions": [
{
"lessThan": "1.11.1",
"status": "affected",
"version": "1.11",
"versionType": "custom"
},
{
"lessThan": "1.10.5",
"status": "affected",
"version": "1.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.9",
"status": "affected",
"version": "1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Affects QEMU and Cloud Hypervisor guests on the default configuration. Doesn\u0027t affect initrd (initramfs) based guests. Requires the container to have CAP_SYS_MKNOD, the default in Docker and Kubernetes with containerd, but not in Kubernetes with CRI-O."
}
],
"credits": [
{
"lang": "en",
"value": "Yuval Avrahami, Palo Alto Networks"
}
],
"datePublic": "2020-06-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Kata Containers doesn\u0027t restrict containers from accessing the guest\u0027s root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-10T17:30:12.000Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kata-containers/runtime/pull/2487"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kata-containers/runtime/pull/2477"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kata-containers/runtime/issues/2488"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kata-containers/agent/issues/791"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kata-containers/agent/pull/792"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Kata Containers - Containers have access to the guest root filesystem device",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-06-10T16:00:00.000Z",
"ID": "CVE-2020-2023",
"STATE": "PUBLIC",
"TITLE": "Kata Containers - Containers have access to the guest root filesystem device"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kata Containers",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.11",
"version_value": "1.11.1"
},
{
"version_affected": "\u003c",
"version_name": "1.10",
"version_value": "1.10.5"
},
{
"version_affected": "\u003c=",
"version_name": "1",
"version_value": "1.9"
}
]
}
}
]
},
"vendor_name": "Kata Containers"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "Affects QEMU and Cloud Hypervisor guests on the default configuration. Doesn\u0027t affect initrd (initramfs) based guests. Requires the container to have CAP_SYS_MKNOD, the default in Docker and Kubernetes with containerd, but not in Kubernetes with CRI-O."
}
],
"credit": [
{
"lang": "eng",
"value": "Yuval Avrahami, Palo Alto Networks"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kata Containers doesn\u0027t restrict containers from accessing the guest\u0027s root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kata-containers/runtime/pull/2487",
"refsource": "MISC",
"url": "https://github.com/kata-containers/runtime/pull/2487"
},
{
"name": "https://github.com/kata-containers/runtime/pull/2477",
"refsource": "MISC",
"url": "https://github.com/kata-containers/runtime/pull/2477"
},
{
"name": "https://github.com/kata-containers/runtime/issues/2488",
"refsource": "MISC",
"url": "https://github.com/kata-containers/runtime/issues/2488"
},
{
"name": "https://github.com/kata-containers/agent/issues/791",
"refsource": "MISC",
"url": "https://github.com/kata-containers/agent/issues/791"
},
{
"name": "https://github.com/kata-containers/agent/pull/792",
"refsource": "MISC",
"url": "https://github.com/kata-containers/agent/pull/792"
},
{
"name": "https://github.com/kata-containers/runtime/releases/tag/1.11.1",
"refsource": "MISC",
"url": "https://github.com/kata-containers/runtime/releases/tag/1.11.1"
},
{
"name": "https://github.com/kata-containers/runtime/releases/tag/1.10.5",
"refsource": "MISC",
"url": "https://github.com/kata-containers/runtime/releases/tag/1.10.5"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2020-2023",
"datePublished": "2020-06-10T17:30:12.051Z",
"dateReserved": "2019-12-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:15:36.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16784 (GCVE-0-2019-16784)
Vulnerability from cvelistv5 – Published: 2020-01-14 20:10 – Updated: 2024-08-05 01:24- CWE-250 - Execution with Unnecessary Privileges
| URL | Tags |
|---|---|
| https://github.com/pyinstaller/pyinstaller/securi… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| PyInstaller | PyInstaller |
Affected:
< 3.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-7fcj-pq9j-wh2r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"windows"
],
"product": "PyInstaller",
"vendor": "PyInstaller",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was discovered and reported by Farid AYOUJIL (@faridtsl), David HA, Florent LE NIGER and Yann GASCUEL (@lnv42) from Alter Solutions (@AlterSolutions) and fixed in collaboration with Hartmut Goebel (@htgoebel)."
}
],
"descriptions": [
{
"lang": "en",
"value": "In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in \"onefile\" mode is launched by a privileged user (at least more than the current one) which have his \"TempPath\" resolving to a world writable directory. This is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\\Windows\\Temp). In order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T20:10:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-7fcj-pq9j-wh2r"
}
],
"source": {
"advisory": "GHSA-7fcj-pq9j-wh2r",
"discovery": "UNKNOWN"
},
"title": "Local Privilege Escalation present only on the Windows version of PyInstaller",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2019-16784",
"STATE": "PUBLIC",
"TITLE": "Local Privilege Escalation present only on the Windows version of PyInstaller"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PyInstaller",
"version": {
"version_data": [
{
"platform": "windows",
"version_value": "\u003c 3.6"
}
]
}
}
]
},
"vendor_name": "PyInstaller"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered and reported by Farid AYOUJIL (@faridtsl), David HA, Florent LE NIGER and Yann GASCUEL (@lnv42) from Alter Solutions (@AlterSolutions) and fixed in collaboration with Hartmut Goebel (@htgoebel)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in \"onefile\" mode is launched by a privileged user (at least more than the current one) which have his \"TempPath\" resolving to a world writable directory. This is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\\Windows\\Temp). In order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-7fcj-pq9j-wh2r",
"refsource": "CONFIRM",
"url": "https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-7fcj-pq9j-wh2r"
}
]
},
"source": {
"advisory": "GHSA-7fcj-pq9j-wh2r",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2019-16784",
"datePublished": "2020-01-14T20:10:12.000Z",
"dateReserved": "2019-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:48.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16767 (GCVE-0-2019-16767)
Vulnerability from cvelistv5 – Published: 2019-11-29 17:40 – Updated: 2024-08-05 01:24- CWE-250 - Execution with Unnecessary Privileges
| URL | Tags |
|---|---|
| https://github.com/Inist-CNRS/ezmaster/security/a… | x_refsource_CONFIRM |
| https://github.com/Inist-CNRS/ezmaster/pull/51 | x_refsource_MISC |
| https://github.com/Inist-CNRS/ezmaster/blob/maste… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Inist-CNRS | ezmaster |
Affected:
< 5.2.11 , < 5.2.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:47.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Inist-CNRS/ezmaster/security/advisories/GHSA-g654-5qjf-g6cx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Inist-CNRS/ezmaster/pull/51"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Inist-CNRS/ezmaster/blob/master/CHANGELOG.md#ezmaster-5211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ezmaster",
"vendor": "Inist-CNRS",
"versions": [
{
"lessThan": "5.2.11",
"status": "affected",
"version": "\u003c 5.2.11",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The admin sys mode is now conditional and dedicated for the special case. By default, since ezmaster@5.2.11 no instance (container) is launched with advanced capabilities (not launched as root)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-29T17:40:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Inist-CNRS/ezmaster/security/advisories/GHSA-g654-5qjf-g6cx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Inist-CNRS/ezmaster/pull/51"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Inist-CNRS/ezmaster/blob/master/CHANGELOG.md#ezmaster-5211"
}
],
"source": {
"advisory": "GHSA-g654-5qjf-g6cx",
"discovery": "UNKNOWN"
},
"title": "In EzMaster before 5.2.11 docker containers were executed with advanced privileges by default",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2019-16767",
"STATE": "PUBLIC",
"TITLE": "In EzMaster before 5.2.11 docker containers were executed with advanced privileges by default"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ezmaster",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "\u003c 5.2.11",
"version_value": "5.2.11"
}
]
}
}
]
},
"vendor_name": "Inist-CNRS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The admin sys mode is now conditional and dedicated for the special case. By default, since ezmaster@5.2.11 no instance (container) is launched with advanced capabilities (not launched as root)"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Inist-CNRS/ezmaster/security/advisories/GHSA-g654-5qjf-g6cx",
"refsource": "CONFIRM",
"url": "https://github.com/Inist-CNRS/ezmaster/security/advisories/GHSA-g654-5qjf-g6cx"
},
{
"name": "https://github.com/Inist-CNRS/ezmaster/pull/51",
"refsource": "MISC",
"url": "https://github.com/Inist-CNRS/ezmaster/pull/51"
},
{
"name": "https://github.com/Inist-CNRS/ezmaster/blob/master/CHANGELOG.md#ezmaster-5211",
"refsource": "MISC",
"url": "https://github.com/Inist-CNRS/ezmaster/blob/master/CHANGELOG.md#ezmaster-5211"
}
]
},
"source": {
"advisory": "GHSA-g654-5qjf-g6cx",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2019-16767",
"datePublished": "2019-11-29T17:40:14.000Z",
"dateReserved": "2019-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:47.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16765 (GCVE-0-2019-16765)
Vulnerability from cvelistv5 – Published: 2019-11-25 17:41 – Updated: 2024-08-05 01:24| URL | Tags |
|---|---|
| https://github.com/github/vscode-codeql/security/… | x_refsource_CONFIRM |
| https://github.com/github/vscode-codeql/pull/174 | x_refsource_MISC |
| https://github.com/github/vscode-codeql/blob/v1.0… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| github | vscode-codeql |
Affected:
< 1.0.1 , < 1.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:47.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/github/vscode-codeql/security/advisories/GHSA-wf4x-8mpj-r42q"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/github/vscode-codeql/pull/174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/github/vscode-codeql/blob/v1.0.1/CHANGELOG.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vscode-codeql",
"vendor": "github",
"versions": [
{
"lessThan": "1.0.1",
"status": "affected",
"version": "\u003c 1.0.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker\u0027s choosing may be executed on the user\u0027s behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to this version using Visual Studio Code Marketplace\u0027s upgrade mechanism. After upgrading, the codeQL.cli.executablePath setting can only be set in the per-user settings, and not in the per-workspace settings. More information about VS Code settings can be found here."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-25T17:41:16.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/github/vscode-codeql/security/advisories/GHSA-wf4x-8mpj-r42q"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/github/vscode-codeql/pull/174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/github/vscode-codeql/blob/v1.0.1/CHANGELOG.md"
}
],
"source": {
"advisory": "GHSA-wf4x-8mpj-r42q",
"discovery": "UNKNOWN"
},
"workarounds": [
{
"lang": "en",
"value": "Manually review the workspace settings for any workspace obtained from an external source. These settings can be found in the .vscode/settings.json file within the workspace directory. Remove the configuration values for the codeQL.cli.executablePath, codeQL.cli.owner, and codeQL.cli.repository settings for the workspace.\n\nIf you wish to use the codeQL.cli.executablePath setting to indicate the location of a CodeQL CLI executable, then move this to your user settings, and check that you trust the configured path. You can access the user settings by choosing Preferences: Open User Settings from the Command Palette."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2019-16765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vscode-codeql",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "\u003c 1.0.1",
"version_value": "1.0.1"
}
]
}
}
]
},
"vendor_name": "github"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker\u0027s choosing may be executed on the user\u0027s behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to this version using Visual Studio Code Marketplace\u0027s upgrade mechanism. After upgrading, the codeQL.cli.executablePath setting can only be set in the per-user settings, and not in the per-workspace settings. More information about VS Code settings can be found here."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/github/vscode-codeql/security/advisories/GHSA-wf4x-8mpj-r42q",
"refsource": "CONFIRM",
"url": "https://github.com/github/vscode-codeql/security/advisories/GHSA-wf4x-8mpj-r42q"
},
{
"name": "https://github.com/github/vscode-codeql/pull/174",
"refsource": "MISC",
"url": "https://github.com/github/vscode-codeql/pull/174"
},
{
"name": "https://github.com/github/vscode-codeql/blob/v1.0.1/CHANGELOG.md",
"refsource": "MISC",
"url": "https://github.com/github/vscode-codeql/blob/v1.0.1/CHANGELOG.md"
}
]
},
"source": {
"advisory": "GHSA-wf4x-8mpj-r42q",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Manually review the workspace settings for any workspace obtained from an external source. These settings can be found in the .vscode/settings.json file within the workspace directory. Remove the configuration values for the codeQL.cli.executablePath, codeQL.cli.owner, and codeQL.cli.repository settings for the workspace.\n\nIf you wish to use the codeQL.cli.executablePath setting to indicate the location of a CodeQL CLI executable, then move this to your user settings, and check that you trust the configured path. You can access the user settings by choosing Preferences: Open User Settings from the Command Palette."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2019-16765",
"datePublished": "2019-11-25T17:41:17.000Z",
"dateReserved": "2019-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:47.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15790 (GCVE-0-2019-15790)
Vulnerability from cvelistv5 – Published: 2020-04-27 23:25 – Updated: 2025-11-03 19:25- CWE-250 - Execution with Unnecessary Privileges
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:25:26.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/4171-1/"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/4171-2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/4171-3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/4171-4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/4171-5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/apport/+bug/1854237"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jun/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm3",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.22",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.12",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "2.20.11-0ubuntu16",
"status": "unaffected"
}
],
"lessThan": "2.20.11-0ubuntu8.6",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kevin Backhouse"
}
],
"datePublic": "2019-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795"
},
{
"url": "https://usn.ubuntu.com/4171-1/"
},
{
"url": "https://usn.ubuntu.com/4171-2/"
},
{
"url": "https://usn.ubuntu.com/4171-3/"
},
{
"url": "https://usn.ubuntu.com/4171-4/"
},
{
"url": "https://usn.ubuntu.com/4171-5/"
},
{
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929"
},
{
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806"
},
{
"url": "https://bugs.launchpad.net/apport/+bug/1854237"
},
{
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/4171-1/",
"defect": [
"https://launchpad.net/bugs/1839795"
],
"discovery": "EXTERNAL"
},
"title": "Apport reads PID files with elevated privileges",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-15790",
"datePublished": "2020-04-27T23:25:19.961Z",
"dateReserved": "2019-08-29T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:25:26.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-10168 (GCVE-0-2019-10168)
Vulnerability from cvelistv5 – Published: 2019-08-02 12:08 – Updated: 2024-08-04 22:10| URL | Tags |
|---|---|
| https://access.redhat.com/libvirt-privesc-vulnera… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202003-18 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:10.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168"
},
{
"name": "GLSA-202003-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libvirt",
"vendor": "libvirt",
"versions": [
{
"status": "affected",
"version": "4.x.x before 4.10.1"
},
{
"status": "affected",
"version": "5.x.x before 5.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an \"emulator\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain\u0027s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-15T04:06:03.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168"
},
{
"name": "GLSA-202003-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libvirt",
"version": {
"version_data": [
{
"version_value": "4.x.x before 4.10.1"
},
{
"version_value": "5.x.x before 5.4.1"
}
]
}
}
]
},
"vendor_name": "libvirt"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an \"emulator\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain\u0027s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/libvirt-privesc-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168"
},
{
"name": "GLSA-202003-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10168",
"datePublished": "2019-08-02T12:08:14.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:10:10.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10167 (GCVE-0-2019-10167)
Vulnerability from cvelistv5 – Published: 2019-08-02 12:05 – Updated: 2024-08-04 22:10| URL | Tags |
|---|---|
| https://access.redhat.com/libvirt-privesc-vulnera… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202003-18 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167"
},
{
"name": "GLSA-202003-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libvirt",
"vendor": "libvirt",
"versions": [
{
"status": "affected",
"version": "4.x.x before 4.10.1"
},
{
"status": "affected",
"version": "5.x.x before 5.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain\u0027s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-15T04:06:02.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167"
},
{
"name": "GLSA-202003-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libvirt",
"version": {
"version_data": [
{
"version_value": "4.x.x before 4.10.1"
},
{
"version_value": "5.x.x before 5.4.1"
}
]
}
}
]
},
"vendor_name": "libvirt"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain\u0027s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/libvirt-privesc-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/libvirt-privesc-vulnerabilities"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167"
},
{
"name": "GLSA-202003-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10167",
"datePublished": "2019-08-02T12:05:52.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:10:09.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Mitigation MIT-18
Strategy: Separation of Privilege
Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators.
Mitigation MIT-18
Strategy: Attack Surface Reduction
Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators.
Mitigation
Perform extensive input validation for any privileged code that must be exposed to the user and reject anything that does not fit your strict requirements.
Mitigation MIT-19
When dropping privileges, ensure that they have been dropped successfully to avoid CWE-273. As protection mechanisms in the environment get stronger, privilege-dropping calls may fail even if it seems like they would always succeed.
Mitigation
If circumstances force you to run with extra privileges, then determine the minimum access level necessary. First identify the different permissions that the software and its users will need to perform their actions, such as file read and write permissions, network socket permissions, and so forth. Then explicitly allow those actions while denying all else [REF-76]. Perform extensive input validation and canonicalization to minimize the chances of introducing a separate vulnerability. This mitigation is much more prone to error than dropping the privileges in the first place.
Mitigation MIT-37
Strategy: Environment Hardening
Ensure that the software runs properly under the United States Government Configuration Baseline (USGCB) [REF-199] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software.
CAPEC-104: Cross Zone Scripting
An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security.
CAPEC-470: Expanding Control over the Operating System from the Database
An attacker is able to leverage access gained to the database to read / write data to the file system, compromise the operating system, create a tunnel for accessing the host machine, and use this access to potentially attack other machines on the same network as the database machine. Traditionally SQL injections attacks are viewed as a way to gain unauthorized read access to the data stored in the database, modify the data in the database, delete the data, etc. However, almost every data base management system (DBMS) system includes facilities that if compromised allow an attacker complete access to the file system, operating system, and full access to the host running the database. The attacker can then use this privileged access to launch subsequent attacks. These facilities include dropping into a command shell, creating user defined functions that can call system level libraries present on the host machine, stored procedures, etc.
CAPEC-69: Target Programs with Elevated Privileges
This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to execute with elevated privileges.