CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-MXCH-2CPM-8XJW
Vulnerability from github – Published: 2025-04-14 12:30 – Updated: 2025-04-14 12:30A vulnerability classified as problematic has been found in huanfenz/code-projects StudentManager up to 1.0. This affects an unknown part of the component Teacher String Handler. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-3564"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-14T12:15:16Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic has been found in huanfenz/code-projects StudentManager up to 1.0. This affects an unknown part of the component Teacher String Handler. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-mxch-2cpm-8xjw",
"modified": "2025-04-14T12:30:37Z",
"published": "2025-04-14T12:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3564"
},
{
"type": "WEB",
"url": "https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/StudentManager-authority.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.304605"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.304605"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.549309"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MXM9-6HJ4-G563
Vulnerability from github – Published: 2026-03-08 15:30 – Updated: 2026-03-08 15:30A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
{
"affected": [],
"aliases": [
"CVE-2026-3738"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-08T14:15:54Z",
"severity": "MODERATE"
},
"details": "A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.",
"id": "GHSA-mxm9-6hj4-g563",
"modified": "2026-03-08T15:30:30Z",
"published": "2026-03-08T15:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3738"
},
{
"type": "WEB",
"url": "https://github.com/hiranerakkot/Pet-Grooming-Software/blob/main/Vulnerability_2.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.349716"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.349716"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.767321"
},
{
"type": "WEB",
"url": "https://www.sourcecodester.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P2QQ-M885-CM42
Vulnerability from github – Published: 2026-05-01 00:31 – Updated: 2026-05-01 00:31A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version 3.9.0 mitigates this issue. Patch name: 406022e79f4a18b3070a446712080571eff11e30. You should upgrade the affected component.
{
"affected": [],
"aliases": [
"CVE-2026-7505"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-30T23:16:20Z",
"severity": "MODERATE"
},
"details": "A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version 3.9.0 mitigates this issue. Patch name: 406022e79f4a18b3070a446712080571eff11e30. You should upgrade the affected component.",
"id": "GHSA-p2qq-m885-cm42",
"modified": "2026-05-01T00:31:28Z",
"published": "2026-05-01T00:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7505"
},
{
"type": "WEB",
"url": "https://github.com/nextlevelbuilder/goclaw/issues/866"
},
{
"type": "WEB",
"url": "https://github.com/nextlevelbuilder/goclaw/pull/950"
},
{
"type": "WEB",
"url": "https://github.com/nextlevelbuilder/goclaw/commit/406022e79f4a18b3070a446712080571eff11e30"
},
{
"type": "WEB",
"url": "https://github.com/nextlevelbuilder/goclaw"
},
{
"type": "WEB",
"url": "https://github.com/nextlevelbuilder/goclaw/releases/tag/v3.9.0"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/803458"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/360314"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/360314/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P3FV-JQ23-QG6F
Vulnerability from github – Published: 2026-01-04 03:30 – Updated: 2026-01-04 03:30A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function saveUserRole of the file warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component Request Handler. This manipulation causes improper authorization. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified.
{
"affected": [],
"aliases": [
"CVE-2026-0574"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-04T02:15:41Z",
"severity": "MODERATE"
},
"details": "A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function saveUserRole of the file warehouse\\src\\main\\java\\com\\yeqifu\\sys\\controller\\UserController.java of the component Request Handler. This manipulation causes improper authorization. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified.",
"id": "GHSA-p3fv-jq23-qg6f",
"modified": "2026-01-04T03:30:27Z",
"published": "2026-01-04T03:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0574"
},
{
"type": "WEB",
"url": "https://github.com/5i1encee/Vul/blob/main/Vertical_privilege_escalation_Vulnerability_in_Project_yeqifu_warehouse.md"
},
{
"type": "WEB",
"url": "https://github.com/5i1encee/Vul/blob/main/Vertical_privilege_escalation_Vulnerability_in_Project_yeqifu_warehouse.md#poc"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.339458"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.339458"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.729374"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P3QF-G93W-J952
Vulnerability from github – Published: 2025-09-26 00:31 – Updated: 2025-09-26 00:31A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-10981"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-26T00:15:37Z",
"severity": "MODERATE"
},
"details": "A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-p3qf-g93w-j952",
"modified": "2025-09-26T00:31:19Z",
"published": "2025-09-26T00:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10981"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.325852"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.325852"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.653341"
},
{
"type": "WEB",
"url": "https://www.cnblogs.com/aibot/p/19063356"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P3RQ-F799-8PW3
Vulnerability from github – Published: 2024-11-01 12:30 – Updated: 2024-11-05 09:30A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2024-10654"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-01T12:15:03Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-p3rq-f799-8pw3",
"modified": "2024-11-05T09:30:37Z",
"published": "2024-11-01T12:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10654"
},
{
"type": "WEB",
"url": "https://github.com/c0nyy/IoT_vuln/blob/main/TOTOLINK%20LR350%20Vuln.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.282667"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.282667"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.434801"
},
{
"type": "WEB",
"url": "https://www.totolink.net"
},
{
"type": "WEB",
"url": "https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/231/ids/36.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P43R-VVQQ-VQCJ
Vulnerability from github – Published: 2025-01-24 18:31 – Updated: 2025-01-24 18:31IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file.
{
"affected": [],
"aliases": [
"CVE-2024-35122"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-24T18:15:31Z",
"severity": "LOW"
},
"details": "IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file.",
"id": "GHSA-p43r-vvqq-vqcj",
"modified": "2025-01-24T18:31:13Z",
"published": "2025-01-24T18:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35122"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7178317"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-P56J-X44H-G66J
Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2023-12-22 15:00A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.61"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:script-security"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.62"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-10355"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-704"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-28T22:57:34Z",
"nvd_published_at": "2019-07-31T13:15:00Z",
"severity": "HIGH"
},
"details": "A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.",
"id": "GHSA-p56j-x44h-g66j",
"modified": "2023-12-22T15:00:19Z",
"published": "2022-05-24T16:51:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10355"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/script-security-plugin/commit/5dc2e2465f309c772237a4b2de9caf61ba9b585b"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2594"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2651"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2662"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/script-security-plugin"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/07/31/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Incorrect Privilege Assignment in Jenkins Script Security Plugin"
}
GHSA-P5F2-H5FV-XRRX
Vulnerability from github – Published: 2024-10-10 00:31 – Updated: 2024-10-11 21:31The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted.
{
"affected": [],
"aliases": [
"CVE-2024-48941"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-10T00:15:02Z",
"severity": "MODERATE"
},
"details": "The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted.",
"id": "GHSA-p5f2-h5fv-xrrx",
"modified": "2024-10-11T21:31:34Z",
"published": "2024-10-10T00:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48941"
},
{
"type": "WEB",
"url": "https://syracom-bee.atlassian.net/wiki/spaces/SL/pages/3236560898/2024-09-16+-+Secure+Login+security+advisory+-+Insecure+default+configuration"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P668-4PCG-FGMF
Vulnerability from github – Published: 2026-02-06 00:30 – Updated: 2026-02-06 00:30A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch name: 545566f5663545d16174e0f2399f231aa693ab6e. It is advisable to upgrade the affected component.
{
"affected": [],
"aliases": [
"CVE-2026-1964"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-05T22:15:53Z",
"severity": "MODERATE"
},
"details": "A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch name: 545566f5663545d16174e0f2399f231aa693ab6e. It is advisable to upgrade the affected component.",
"id": "GHSA-p668-4pcg-fgmf",
"modified": "2026-02-06T00:30:26Z",
"published": "2026-02-06T00:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1964"
},
{
"type": "WEB",
"url": "https://github.com/wekan/wekan/commit/545566f5663545d16174e0f2399f231aa693ab6e"
},
{
"type": "WEB",
"url": "https://github.com/wekan/wekan"
},
{
"type": "WEB",
"url": "https://github.com/wekan/wekan/releases/tag/v8.21"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.344486"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.344486"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.742680"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.