CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5455 vulnerabilities reference this CWE, most recent first.
GHSA-VCPF-HJM3-54FR
Vulnerability from github – Published: 2026-03-25 03:31 – Updated: 2026-03-26 15:30A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data.
{
"affected": [],
"aliases": [
"CVE-2026-20607"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T01:17:03Z",
"severity": "MODERATE"
},
"details": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data.",
"id": "GHSA-vcpf-hjm3-54fr",
"modified": "2026-03-26T15:30:31Z",
"published": "2026-03-25T03:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20607"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126794"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126795"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126796"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VCQH-2Q2G-PGC3
Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2025-05-22 21:30The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.
{
"affected": [],
"aliases": [
"CVE-2022-30121"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-23T14:15:00Z",
"severity": "HIGH"
},
"details": "The \u201cLANDesk(R) Management Agent\u201d service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.",
"id": "GHSA-vcqh-2q2g-pgc3",
"modified": "2025-05-22T21:30:35Z",
"published": "2022-09-25T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30121"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/Security-Advisory-for-Ivanti-Endpoint-Manager-Client-CVE-2022-30121?language=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VCR7-Q7V7-V84F
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2021-27091"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-13T20:15:00Z",
"severity": "HIGH"
},
"details": "RPC Endpoint Mapper Service Elevation of Privilege Vulnerability",
"id": "GHSA-vcr7-q7v7-v84f",
"modified": "2022-05-24T17:47:16Z",
"published": "2022-05-24T17:47:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27091"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27091"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VF6J-6739-78M8
Vulnerability from github – Published: 2026-03-03 14:48 – Updated: 2026-03-03 14:48A bug has been identified in which permission changes in Azure AD are not reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or are removed from a group, thus retaining their access to Rancher instead of losing it.
Impact
This issue only affects Rancher instances with Azure AD integration enabled, regardless of the automatically refreshing settings which are enabled by default. The users that obtained a token (or kubeconfig) to access Rancher through the following sessions are affected by this issue:
1) Users using the Rancher UI.
2) Users using kubectl based on a kubeconfig downloaded through the Rancher UI.
3) Tokens created via the Rancher UI Create API Key feature.
Note that the permission caching is persisted even when the Rancher Manager pod is restarted. The only way for a user to get the new permissions is to logout and login again.
Patches
Patched versions include releases 2.6.13, 2.7.4 and later versions.
For more information
If you have any questions or comments about this advisory:
- Reach out to the SUSE Rancher Security team for security related inquiries.
- Open an issue in the Rancher repository.
- Verify with our support matrix and product support lifecycle.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.7"
},
{
"fixed": "2.6.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-22648"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-271",
"CWE-384"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-03T14:48:41Z",
"nvd_published_at": "2023-06-01T13:15:10Z",
"severity": "HIGH"
},
"details": "A bug has been identified in which permission changes in Azure AD are not reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or are removed from a group, thus retaining their access to Rancher instead of losing it.\n\n### Impact\nThis issue only affects Rancher instances with Azure AD integration enabled, regardless of the [automatically refreshing settings](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/manage-users-and-groups#automatically-refreshing-user-information) which are enabled by default. The users that obtained a token (or kubeconfig) to access Rancher through the following sessions are affected by this issue:\n1) Users using the Rancher UI.\n2) Users using `kubectl` based on a `kubeconfig` downloaded through the Rancher UI.\n3) Tokens created via the Rancher UI Create API Key feature.\n\nNote that the permission caching is persisted even when the Rancher Manager pod is restarted. The only way for a user to get the new permissions is to logout and login again.\n\n### Patches\nPatched versions include releases `2.6.13`, `2.7.4` and later versions.\n\n### For more information\nIf you have any questions or comments about this advisory:\n\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n- Verify with our [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).",
"id": "GHSA-vf6j-6739-78m8",
"modified": "2026-03-03T14:48:42Z",
"published": "2026-03-03T14:48:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-vf6j-6739-78m8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22648"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22648"
},
{
"type": "PACKAGE",
"url": "https://github.com/rancher/rancher"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Rancher\u0027s Azure AD permission changes are not reflected on active sessions"
}
GHSA-VF7W-48CM-H8XX
Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164.
{
"affected": [],
"aliases": [
"CVE-2020-1149"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-21T23:15:00Z",
"severity": "MODERATE"
},
"details": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka \u0027Windows Runtime Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164.",
"id": "GHSA-vf7w-48cm-h8xx",
"modified": "2022-05-24T17:18:31Z",
"published": "2022-05-24T17:18:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1149"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1149"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VF84-MXRQ-CRQC
Vulnerability from github – Published: 2025-08-08 14:32 – Updated: 2025-08-11 13:56Impact
Accounts with access to the highly-privileged identity entity system in the root namespace may increase their scope directly to the root policy. While the identity system always allowed adding arbitrary policies, which in turn could contain capability grants on arbitrary paths, the root policy is restricted to manual generation using unseal or recovery key shares. The global root policy is not accessible from child namespaces.
Patches
OpenBao v2.3.2 will patch this issue.
Workarounds
Use of denied_parameters in any policy which has access to the affected identity endpoints (on identity entities) may be sufficient to prohibit this type of attack.
References
This issue was disclosed to HashiCorp and is the OpenBao equivalent of the following tickets:
- https://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-namespace-operator-may-elevate-token-privileges/76032
- https://nvd.nist.gov/vuln/detail/cve-2025-5999
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/openbao/openbao"
},
"ranges": [
{
"events": [
{
"introduced": "0.1.0"
},
{
"fixed": "2.3.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/openbao/openbao"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20250806193240-9b0b5d4f345f"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-54996"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-269"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-08T14:32:42Z",
"nvd_published_at": "2025-08-09T02:15:37Z",
"severity": "HIGH"
},
"details": "### Impact\n\nAccounts with access to the highly-privileged identity entity system in the root namespace may increase their scope directly to the `root` policy. While the identity system always allowed adding arbitrary policies, which in turn could contain capability grants on arbitrary paths, the `root` policy is restricted to manual generation using unseal or recovery key shares. The global `root` policy is not accessible from child namespaces.\n\n### Patches\n\nOpenBao v2.3.2 will patch this issue.\n\n### Workarounds\n\nUse of `denied_parameters` in any policy which has access to the affected identity endpoints (on [identity entities](https://openbao.org/api-docs/secret/identity/entity/)) may be sufficient to prohibit this type of attack. \n\n### References\n\nThis issue was disclosed to HashiCorp and is the OpenBao equivalent of the following tickets:\n\n- https://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-namespace-operator-may-elevate-token-privileges/76032\n- https://nvd.nist.gov/vuln/detail/cve-2025-5999",
"id": "GHSA-vf84-mxrq-crqc",
"modified": "2025-08-11T13:56:25Z",
"published": "2025-08-08T14:32:42Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openbao/openbao/security/advisories/GHSA-vf84-mxrq-crqc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54996"
},
{
"type": "WEB",
"url": "https://github.com/openbao/openbao/pull/1627"
},
{
"type": "WEB",
"url": "https://github.com/openbao/openbao/commit/9b0b5d4f345fdfb1065956f042b12cbd86cd6e0f"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-namespace-operator-may-elevate-token-privileges/76032"
},
{
"type": "PACKAGE",
"url": "https://github.com/openbao/openbao"
},
{
"type": "WEB",
"url": "https://github.com/openbao/openbao/releases/tag/v2.3.2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-5999"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "OpenBao Root Namespace Operator May Elevate Token Privileges"
}
GHSA-VF8H-2WWJ-JQ22
Vulnerability from github – Published: 2023-02-15 12:30 – Updated: 2023-06-27 21:05Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.shenyu:shenyu-admin"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-42735"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-15T18:16:56Z",
"nvd_published_at": "2023-02-15T10:15:00Z",
"severity": "HIGH"
},
"details": "Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958.",
"id": "GHSA-vf8h-2wwj-jq22",
"modified": "2023-06-27T21:05:30Z",
"published": "2023-02-15T12:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42735"
},
{
"type": "WEB",
"url": "https://github.com/apache/shenyu/pull/3958"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/shenyu"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/2k8764jmckmc19qc8x51nlnngq71pcf7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Privilege escalation in Apache ShenYu"
}
GHSA-VFGQ-G5X8-G595
Vulnerability from github – Published: 2023-03-23 19:58 – Updated: 2023-03-23 22:09A vulnerability identified in the implementation of Tailscale SSH in FreeBSD allowed commands to be run with a higher privilege group ID than that specified by Tailscale SSH access rules.
Affected platforms: FreeBSD
Patched Tailscale client versions: v1.38.2 or later
What happened?
A difference in the behavior of the FreeBSD setgroups system call from POSIX meant that the Tailscale client running on a FreeBSD-based operating system did not appropriately restrict groups on the host when using Tailscale SSH. When accessing a FreeBSD host over Tailscale SSH, the egid of the tailscaled process was used instead of that of the user specified in Tailscale SSH access rules.
Who is affected?
9 tailnets with 22 FreeBSD nodes running Tailscale SSH since Tailscale v1.34 (released on 2022-12-04) may have had Tailscale SSH sessions with a higher privilege group ID than that specified in Tailscale SSH access rules.
We have notified the affected organizations where we have security contacts.
What is the impact?
Tailscale SSH commands may have been run with a higher privilege group ID than that specified in Tailscale SSH access rules if they met all of the following criteria: * The destination node was a FreeBSD device with Tailscale SSH enabled; * Tailscale SSH access rules permitted access for non-root users; and * A non-interactive SSH session was used.
What do I need to do?
If you are running Tailscale on FreeBSD, upgrade to v1.38.2 or later to remediate the issue. Admins of a tailnet can view FreeBSD nodes with unpatched versions in the admin console.
To update the local ports tree in advance of what's available upstream, you can:
cd /usr/ports/security/tailscale- edit the Makefile to set
PORTVERSIONto1.38.2 make makesummake install
Tailscale SSH on other platforms is not affected.
Credits
We would like to thank Ryan Belgrave for reporting this issue.
References
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "tailscale.com"
},
"ranges": [
{
"events": [
{
"introduced": "1.34.0"
},
{
"fixed": "1.38.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-28436"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-23T19:58:23Z",
"nvd_published_at": "2023-03-23T20:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability identified in the implementation of Tailscale SSH in FreeBSD allowed commands to be run with a higher privilege group ID than that specified by Tailscale SSH access rules.\n\n**Affected platforms**: FreeBSD\n\n**Patched Tailscale client versions**: v1.38.2 or later\n\n### What happened?\nA difference in the behavior of the FreeBSD `setgroups` system call from POSIX meant that the Tailscale client running on a FreeBSD-based operating system did not appropriately restrict groups on the host when using Tailscale SSH. When accessing a FreeBSD host over Tailscale SSH, the egid of the tailscaled process was used instead of that of the user specified in Tailscale SSH access rules.\n\n### Who is affected?\n9 tailnets with 22 FreeBSD nodes running Tailscale SSH since Tailscale v1.34 (released on 2022-12-04) may have had Tailscale SSH sessions with a higher privilege group ID than that specified in Tailscale SSH access rules.\n\nWe have notified the affected organizations where we have [security contacts](https://tailscale.com/kb/1224/contact-preferences/#setting-the-security-issues-email).\n\n### What is the impact?\nTailscale SSH commands may have been run with a higher privilege group ID than that specified in Tailscale SSH access rules if they met all of the following criteria:\n* The destination node was a FreeBSD device with Tailscale SSH enabled;\n* Tailscale SSH access rules permitted access for non-root users; and\n* A non-interactive SSH session was used.\n\n### What do I need to do?\nIf you are running Tailscale on FreeBSD, upgrade to v1.38.2 or later to remediate the issue. Admins of a tailnet can view [FreeBSD nodes with unpatched versions](https://login.tailscale.com/admin/machines?q=version%3A%3C1.38.2+freebsd) in the admin console.\n\nTo update the local ports tree in advance of what\u0027s available upstream, you can:\n\n1. `cd /usr/ports/security/tailscale`\n2. edit the Makefile to set `PORTVERSION` to `1.38.2`\n3. `make makesum`\n4. `make install`\n\nTailscale SSH on other platforms is not affected.\n\n### Credits\nWe would like to thank [Ryan Belgrave](https://www.linkedin.com/in/rbelgrave/) for reporting this issue.\n\n### References\n* [TS-2023-003](https://tailscale.com/security-bulletins/#ts-2023-003)\n\n\n",
"id": "GHSA-vfgq-g5x8-g595",
"modified": "2023-03-23T22:09:19Z",
"published": "2023-03-23T19:58:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tailscale/tailscale/security/advisories/GHSA-vfgq-g5x8-g595"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28436"
},
{
"type": "WEB",
"url": "https://github.com/tailscale/tailscale/commit/d00c046b723dff6e3775d7d35f891403ac21a47d"
},
{
"type": "PACKAGE",
"url": "https://github.com/tailscale/tailscale"
},
{
"type": "WEB",
"url": "https://github.com/tailscale/tailscale/releases/tag/v1.38.2"
},
{
"type": "WEB",
"url": "https://tailscale.com/security-bulletins/#ts-2023-003"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process"
}
GHSA-VFJ7-PJWX-GMGC
Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191.
{
"affected": [],
"aliases": [
"CVE-2020-1124"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-21T23:15:00Z",
"severity": "MODERATE"
},
"details": "An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka \u0027Windows State Repository Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191.",
"id": "GHSA-vfj7-pjwx-gmgc",
"modified": "2022-05-24T17:18:30Z",
"published": "2022-05-24T17:18:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1124"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1124"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VFJR-R7C6-MQ2H
Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2023-02-02 21:33It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb.
{
"affected": [],
"aliases": [
"CVE-2020-1708"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-07T21:15:00Z",
"severity": "MODERATE"
},
"details": "It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb.",
"id": "GHSA-vfjr-r7c6-mq2h",
"modified": "2023-02-02T21:33:40Z",
"published": "2022-05-24T17:08:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1708"
},
{
"type": "WEB",
"url": "https://access.redhat.com/articles/4859371"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0617"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0681"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0694"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0800"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2020-1708"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793299"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1708"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.