CWE-273
AllowedImproper Check for Dropped Privileges
Abstraction: Base · Status: Incomplete
The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
54 vulnerabilities reference this CWE, most recent first.
GHSA-4HWJ-MWVM-VC26
Vulnerability from github – Published: 2023-10-04 06:30 – Updated: 2023-11-24 09:30Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability.
This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.
{
"affected": [],
"aliases": [
"CVE-2023-5369"
],
"database_specific": {
"cwe_ids": [
"CWE-273"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-04T04:15:14Z",
"severity": "HIGH"
},
"details": "Before correction, the\u00a0copy_file_range\u00a0system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability.\n\nThis incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.",
"id": "GHSA-4hwj-mwvm-vc26",
"modified": "2023-11-24T09:30:27Z",
"published": "2023-10-04T06:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5369"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231124-0009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5XVC-RWV8-86P7
Vulnerability from github – Published: 2024-03-26 21:30 – Updated: 2025-11-15 02:52An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.igniterealtime.openfire:xmppserver"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.8.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-25420"
],
"database_specific": {
"cwe_ids": [
"CWE-273",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-27T21:59:21Z",
"nvd_published_at": "2024-03-26T21:15:52Z",
"severity": "HIGH"
},
"details": "An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.",
"id": "GHSA-5xvc-rwv8-86p7",
"modified": "2025-11-15T02:52:34Z",
"published": "2024-03-26T21:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25420"
},
{
"type": "WEB",
"url": "https://github.com/igniterealtime/Openfire/pull/2411"
},
{
"type": "WEB",
"url": "https://github.com/igniterealtime/Openfire/commit/5c022bfa82d71d1710381ab395b100cdbcb8f310"
},
{
"type": "PACKAGE",
"url": "https://github.com/igniterealtime/Openfire"
},
{
"type": "WEB",
"url": "https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/admin/AdminManager.java"
},
{
"type": "WEB",
"url": "https://github.com/igniterealtime/Openfire/releases/tag/v4.8.1"
},
{
"type": "WEB",
"url": "https://igniterealtime.atlassian.net/browse/OF-2758"
},
{
"type": "WEB",
"url": "https://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421"
},
{
"type": "WEB",
"url": "https://www.igniterealtime.org/projects/openfire"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Ignite Realtime Openfire privilege escalation vulnerability"
}
GHSA-65C8-R727-2MPJ
Vulnerability from github – Published: 2026-07-15 12:32 – Updated: 2026-07-15 12:32PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blocked_commands, blocked_paths, blocked_imports, allow_subprocess, and allow_file_write restrictions are completely ignored. Attackers can execute arbitrary subprocess commands, read sensitive files, and perform destructive operations despite explicit security policy configuration.
{
"affected": [],
"aliases": [
"CVE-2026-60085"
],
"database_specific": {
"cwe_ids": [
"CWE-273"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-15T12:18:17Z",
"severity": "HIGH"
},
"details": "PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blocked_commands, blocked_paths, blocked_imports, allow_subprocess, and allow_file_write restrictions are completely ignored. Attackers can execute arbitrary subprocess commands, read sensitive files, and perform destructive operations despite explicit security policy configuration.",
"id": "GHSA-65c8-r727-2mpj",
"modified": "2026-07-15T12:32:03Z",
"published": "2026-07-15T12:32:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-5r6c-gj4g-r697"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-60085"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/praisonai-before-unenforced-security-policy-in-subprocess-sandbox"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-66VJ-HXH5-X3JH
Vulnerability from github – Published: 2024-09-17 18:33 – Updated: 2025-10-22 00:33The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
{
"affected": [],
"aliases": [
"CVE-2024-38813"
],
"database_specific": {
"cwe_ids": [
"CWE-250",
"CWE-273"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-17T18:15:04Z",
"severity": "HIGH"
},
"details": "The vCenter Server contains a privilege escalation vulnerability.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.",
"id": "GHSA-66vj-hxh5-x3jh",
"modified": "2025-10-22T00:33:06Z",
"published": "2024-09-17T18:33:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38813"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38813"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6MM6-PP6H-9P36
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.
{
"affected": [],
"aliases": [
"CVE-2018-16466"
],
"database_specific": {
"cwe_ids": [
"CWE-273"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-30T21:29:00Z",
"severity": "HIGH"
},
"details": "Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.",
"id": "GHSA-6mm6-pp6h-9p36",
"modified": "2022-05-13T01:34:06Z",
"published": "2022-05-13T01:34:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16466"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/388515"
},
{
"type": "WEB",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-010"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-748R-5R8Q-273M
Vulnerability from github – Published: 2022-07-07 00:00 – Updated: 2023-09-05 20:16Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "apache-superset"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-37839"
],
"database_specific": {
"cwe_ids": [
"CWE-273"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-15T21:31:23Z",
"nvd_published_at": "2022-07-06T13:15:00Z",
"severity": "MODERATE"
},
"details": "Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.",
"id": "GHSA-748r-5r8q-273m",
"modified": "2023-09-05T20:16:04Z",
"published": "2022-07-07T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37839"
},
{
"type": "WEB",
"url": "https://github.com/apache/superset/commit/2bd89d1705347da5446902a3f65eb8d0a6353503"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/superset"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Superset allows authenticated users to access metadata they have no permission to"
}
GHSA-78XR-CMR3-FXQ9
Vulnerability from github – Published: 2025-01-17 21:31 – Updated: 2025-03-04 15:31Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2025-21399"
],
"database_specific": {
"cwe_ids": [
"CWE-273",
"CWE-426"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-17T20:15:46Z",
"severity": "HIGH"
},
"details": "Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability",
"id": "GHSA-78xr-cmr3-fxq9",
"modified": "2025-03-04T15:31:46Z",
"published": "2025-01-17T21:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21399"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21399"
},
{
"type": "WEB",
"url": "https://www.vicarius.io/vsociety/posts/elevation-of-privilege-vulnerability-in-microsoft-edge-chromium-based-detection-script"
},
{
"type": "WEB",
"url": "https://www.vicarius.io/vsociety/posts/elevation-of-privilege-vulnerability-in-microsoft-edge-chromium-based-mitigation-script"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7FPJ-9HR8-28VH
Vulnerability from github – Published: 2024-04-17 18:25 – Updated: 2024-11-18 17:28Keycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "22.0.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "23.0.0"
},
{
"fixed": "24.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-0657"
],
"database_specific": {
"cwe_ids": [
"CWE-273",
"CWE-284",
"CWE-287",
"CWE-290",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-17T18:25:59Z",
"nvd_published_at": "2024-11-17T11:15:05Z",
"severity": "LOW"
},
"details": "Keycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.\n\n",
"id": "GHSA-7fpj-9hr8-28vh",
"modified": "2024-11-18T17:28:39Z",
"published": "2024-04-17T18:25:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0657"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1867"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1868"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-0657"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166728"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Keycloak vulnerable to impersonation via logout token exchange"
}
GHSA-86FH-J58M-7PF5
Vulnerability from github – Published: 2021-11-23 17:57 – Updated: 2024-01-31 15:13In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.ozone:ozone-main"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-36372"
],
"database_specific": {
"cwe_ids": [
"CWE-273"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-22T19:04:02Z",
"nvd_published_at": "2021-11-19T10:15:00Z",
"severity": "CRITICAL"
},
"details": "In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.",
"id": "GHSA-86fh-j58m-7pf5",
"modified": "2024-01-31T15:13:11Z",
"published": "2021-11-23T17:57:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36372"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/ozone"
},
{
"type": "WEB",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/11/19/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Privilege Management in Apache Ozone"
}
GHSA-8G83-V3R7-R8GX
Vulnerability from github – Published: 2025-02-04 00:32 – Updated: 2025-02-04 00:32A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability.
{
"affected": [],
"aliases": [
"CVE-2025-1003"
],
"database_specific": {
"cwe_ids": [
"CWE-273"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-04T00:15:33Z",
"severity": "HIGH"
},
"details": "A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability.",
"id": "GHSA-8g83-v3r7-r8gx",
"modified": "2025-02-04T00:32:03Z",
"published": "2025-02-04T00:32:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1003"
},
{
"type": "WEB",
"url": "https://support.hp.com/us-en/document/ish_11920613-11920636-16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-53
Check the results of all functions that return a value and verify that the value is expected.
Mitigation
In Windows, make sure that the process token has the SeImpersonatePrivilege(Microsoft Server 2003). Code that relies on impersonation for security must ensure that the impersonation succeeded, i.e., that a proper privilege demotion happened.
No CAPEC attack patterns related to this CWE.