CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-MFP5-C75H-8M74
Vulnerability from github – Published: 2025-04-16 09:32 – Updated: 2025-04-16 15:34A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-3674"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-16T07:15:42Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-mfp5-c75h-8m74",
"modified": "2025-04-16T15:34:30Z",
"published": "2025-04-16T09:32:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3674"
},
{
"type": "WEB",
"url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK-A3700R-setUrlFilterRules-1cb53a41781f808f9547da7748580914"
},
{
"type": "WEB",
"url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK-A3700R-setUrlFilterRules-1cb53a41781f808f9547da7748580914?pvs=4"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.304963"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.304963"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.551302"
},
{
"type": "WEB",
"url": "https://www.totolink.net"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MFW5-8R4W-R3X5
Vulnerability from github – Published: 2025-11-06 18:32 – Updated: 2026-01-20 15:31Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation.This issue affects Atarim: from n/a through <= 4.2.
{
"affected": [],
"aliases": [
"CVE-2025-60195"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-06T16:16:04Z",
"severity": "CRITICAL"
},
"details": "Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation.This issue affects Atarim: from n/a through \u003c= 4.2.",
"id": "GHSA-mfw5-8r4w-r3x5",
"modified": "2026-01-20T15:31:49Z",
"published": "2025-11-06T18:32:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60195"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/atarim-visual-collaboration/vulnerability/wordpress-atarim-plugin-4-2-privilege-escalation-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/atarim-visual-collaboration/vulnerability/wordpress-atarim-plugin-4-2-privilege-escalation-vulnerability"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/atarim-visual-collaboration/vulnerability/wordpress-atarim-plugin-4-2-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MG7W-C9X2-XH7R
Vulnerability from github – Published: 2025-01-03 16:12 – Updated: 2025-01-03 19:25Impact
What kind of vulnerability is it? Who is impacted?
The PULL mode clusters registered with the karmadactl register command have excessive privileges to access control plane resources. By abusing these permissions, an attacker able to authenticate as the karmada-agent to a karmada cluster would be able to obtain administrative privileges over the entire federation system including all registered member clusters.
Patches
Has the problem been patched? What versions should users upgrade to?
Since Karmada v1.12.0, command karmadactl register restricts the access permissions of pull mode member clusters to control plane resources. This way, an attacker able to authenticate as the karmada-agent cannot control other member clusters in Karmada.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Restricts the access permissions of pull mode member clusters to control plane resources according to Karmada Component Permissions Docs.
References
Are there any links users can visit to find out more? 1. Enhancements made from the Karmada community: https://github.com/karmada-io/karmada/pull/5793 2. Karmada Component Permissions: https://karmada.io/docs/administrator/security/component-permission
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/karmada-io/karmada"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-56513"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-03T16:12:03Z",
"nvd_published_at": "2025-01-03T17:15:08Z",
"severity": "HIGH"
},
"details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nThe [PULL](https://karmada.io/docs/next/userguide/clustermanager/cluster-registration#pull-mode) mode clusters registered with the `karmadactl register` command have excessive privileges to access control plane resources. By abusing these permissions, an attacker able to authenticate as the karmada-agent to a karmada cluster would be able to obtain administrative privileges over the entire federation system including all registered member clusters.\n\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nSince Karmada v1.12.0, command `karmadactl register` restricts the access permissions of pull mode member clusters to control plane resources. This way, an attacker able to authenticate as the karmada-agent cannot control other member clusters in Karmada.\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nRestricts the access permissions of pull mode member clusters to control plane resources according to [Karmada Component Permissions Docs](https://karmada.io/docs/administrator/security/component-permission).\n### References\n_Are there any links users can visit to find out more?_\n 1. Enhancements made from the Karmada community: https://github.com/karmada-io/karmada/pull/5793\n 2. Karmada Component Permissions: https://karmada.io/docs/administrator/security/component-permission\n",
"id": "GHSA-mg7w-c9x2-xh7r",
"modified": "2025-01-03T19:25:48Z",
"published": "2025-01-03T16:12:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/karmada-io/karmada/security/advisories/GHSA-mg7w-c9x2-xh7r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56513"
},
{
"type": "WEB",
"url": "https://github.com/karmada-io/karmada/pull/5793"
},
{
"type": "WEB",
"url": "https://github.com/karmada-io/karmada/commit/2c82055c4c7f469411b1ba48c4dba4841df04831"
},
{
"type": "PACKAGE",
"url": "https://github.com/karmada-io/karmada"
},
{
"type": "WEB",
"url": "https://karmada.io/docs/administrator/security/component-permission"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Karmada PULL Mode Cluster Privilege Escalation"
}
GHSA-MGH2-3CF4-78R5
Vulnerability from github – Published: 2022-11-02 12:00 – Updated: 2022-11-03 19:00This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system.
{
"affected": [],
"aliases": [
"CVE-2022-42825"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-01T20:15:00Z",
"severity": "MODERATE"
},
"details": "This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system.",
"id": "GHSA-mgh2-3cf4-78r5",
"modified": "2022-11-03T19:00:28Z",
"published": "2022-11-02T12:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42825"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213488"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213489"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213491"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213492"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213493"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213494"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MGJ3-965M-6684
Vulnerability from github – Published: 2026-04-01 21:30 – Updated: 2026-04-01 21:30A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
{
"affected": [],
"aliases": [
"CVE-2026-5312"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-01T21:17:03Z",
"severity": "MODERATE"
},
"details": "A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.",
"id": "GHSA-mgj3-965m-6684",
"modified": "2026-04-01T21:30:32Z",
"published": "2026-04-01T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5312"
},
{
"type": "WEB",
"url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_172/172.md"
},
{
"type": "WEB",
"url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_173/173.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/780442"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/780443"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/354641"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/354641/cti"
},
{
"type": "WEB",
"url": "https://www.dlink.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MGM7-V27R-X559
Vulnerability from github – Published: 2024-03-28 03:30 – Updated: 2025-10-15 15:30A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated as critical. This issue affects some unknown processing of the file /tools/test_login.php?action=register of the component User Registration. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258299. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-3013"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-285"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-28T01:15:47Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated as critical. This issue affects some unknown processing of the file /tools/test_login.php?action=register of the component User Registration. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258299. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-mgm7-v27r-x559",
"modified": "2025-10-15T15:30:18Z",
"published": "2024-03-28T03:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3013"
},
{
"type": "WEB",
"url": "https://h0e4a0r1t.github.io/2024/vulns/FLIR-AX8%20Fixed%20Thermal%20Cameras%20Register%20any%20user%20in%20the%20background--test_login.php.pdf"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.258299"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.258299"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.301588"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MGWR-H7MV-FH29
Vulnerability from github – Published: 2024-08-29 18:00 – Updated: 2024-11-18 16:27Impact
What kind of vulnerability is it? Who is impacted? This ClusterRole has * verbs of * resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation.
Patches
Has the problem been patched? What versions should users upgrade to?
= v0.14.6
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading? Update and Limit the ClusterRole using security-role.
References
Are there any links users can visit to find out more? issues: https://github.com/hwameistor/hwameistor/issues/1457 https://github.com/hwameistor/hwameistor/issues/1460
also reported by users via mails: sparkEchooo, younaman
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.14.5"
},
"package": {
"ecosystem": "Go",
"name": "github.com/hwameistor/hwameistor"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.14.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-45054"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-266"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-29T18:00:45Z",
"nvd_published_at": "2024-08-28T20:15:08Z",
"severity": "MODERATE"
},
"details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\nThis ClusterRole has * verbs of * resources. If a malicious user can access the worker node which has hwameistor\u0027s deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\u003e= v0.14.6\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\nUpdate and Limit the ClusterRole using [security-role](https://github.com/hwameistor/hwameistor/blob/main/helm/hwameistor/templates/clusterrole.yaml).\n\n### References\n_Are there any links users can visit to find out more?_\nissues:\nhttps://github.com/hwameistor/hwameistor/issues/1457\nhttps://github.com/hwameistor/hwameistor/issues/1460\n\nalso reported by users via mails: \n[sparkEchooo](https://github.com/sparkEchooo), [younaman](https://github.com/younaman)\n",
"id": "GHSA-mgwr-h7mv-fh29",
"modified": "2024-11-18T16:27:08Z",
"published": "2024-08-29T18:00:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/hwameistor/hwameistor/security/advisories/GHSA-mgwr-h7mv-fh29"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45054"
},
{
"type": "WEB",
"url": "https://github.com/hwameistor/hwameistor/issues/1457"
},
{
"type": "WEB",
"url": "https://github.com/hwameistor/hwameistor/issues/1460"
},
{
"type": "WEB",
"url": "https://github.com/hwameistor/hwameistor/commit/edf4cebed73cadd230bf97eab65c5311f2858450"
},
{
"type": "PACKAGE",
"url": "https://github.com/hwameistor/hwameistor"
},
{
"type": "WEB",
"url": "https://github.com/hwameistor/hwameistor/blob/main/helm/hwameistor/templates/clusterrole.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Hwameistor Potential Permission Leakage of Cluster Level "
}
GHSA-MH6M-7983-2R5W
Vulnerability from github – Published: 2026-06-12 00:31 – Updated: 2026-06-12 00:31Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation.
This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4.
{
"affected": [],
"aliases": [
"CVE-2026-49060"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-11T22:16:57Z",
"severity": "CRITICAL"
},
"details": "Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation.\n\nThis issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4.",
"id": "GHSA-mh6m-7983-2r5w",
"modified": "2026-06-12T00:31:56Z",
"published": "2026-06-12T00:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49060"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/hippoo/vulnerability/wordpress-hippoo-mobile-app-for-woocommerce-plugin-1-9-4-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJ6P-P843-X5WC
Vulnerability from github – Published: 2025-11-12 18:31 – Updated: 2025-11-14 21:39A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with ClusterRole upon deployment of the Namespace-Scoped Custom Resource MonitorStack. This issue allows an adversarial Kubernetes Account with only namespaced-level roles, for example, a tenant controlling a namespace, to create a MonitorStack in the authorized namespace and then elevate permission to the cluster level by impersonating the ServiceAccount created by the Operator, resulting in privilege escalation and other issues.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/rhobs/observability-operator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-2843"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-14T21:39:19Z",
"nvd_published_at": "2025-11-12T17:15:37Z",
"severity": "HIGH"
},
"details": "A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with *ClusterRole* upon deployment of the *Namespace-Scoped* Custom Resource MonitorStack. This issue allows an adversarial Kubernetes Account with only namespaced-level roles, for example, a tenant controlling a namespace, to create a MonitorStack in the authorized namespace and then elevate permission to the cluster level by impersonating the ServiceAccount created by the Operator, resulting in privilege escalation and other issues.",
"id": "GHSA-mj6p-p843-x5wc",
"modified": "2025-11-14T21:39:19Z",
"published": "2025-11-12T18:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2843"
},
{
"type": "WEB",
"url": "https://github.com/rhobs/observability-operator/commit/98b927fab755decd6e030ac6af5c005879bab020"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21146"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-2843"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355222"
},
{
"type": "PACKAGE",
"url": "https://github.com/rhobs/observability-operator"
},
{
"type": "WEB",
"url": "https://github.com/rhobs/observability-operator/releases/tag/v1.3.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Observability Operator is vulnerable to Incorrect Privilege Assignment through its Custom Resource MonitorStack"
}
GHSA-MJM5-XQG6-V939
Vulnerability from github – Published: 2025-12-28 09:30 – Updated: 2025-12-28 09:30A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-15125"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-28T07:15:53Z",
"severity": "LOW"
},
"details": "A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-mjm5-xqg6-v939",
"modified": "2025-12-28T09:30:27Z",
"published": "2025-12-28T09:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15125"
},
{
"type": "WEB",
"url": "https://github.com/Hwwg/cve/issues/38"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.338503"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.338503"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.711777"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.