Common Weakness Enumeration

CWE-273

Allowed

Improper Check for Dropped Privileges

Abstraction: Base · Status: Incomplete

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

54 vulnerabilities reference this CWE, most recent first.

GHSA-984W-GCJ2-GR36

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:34
VLAI
Details

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6972"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-22T20:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.",
  "id": "GHSA-984w-gcj2-gr36",
  "modified": "2025-04-20T03:34:36Z",
  "published": "2022-05-13T01:46:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6972"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix"
    },
    {
      "type": "WEB",
      "url": "https://www.alienvault.com/forums/discussion/8698"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/42314"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97016"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C5GV-FCXR-PXG7

Vulnerability from github – Published: 2023-07-14 18:31 – Updated: 2024-04-04 06:08
VLAI
Details

In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-35692"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-14T16:15:14Z",
    "severity": "HIGH"
  },
  "details": "In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n",
  "id": "GHSA-c5gv-fcxr-pxg7",
  "modified": "2024-04-04T06:08:18Z",
  "published": "2023-07-14T18:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35692"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2023-07-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CMPH-X6R4-4WHR

Vulnerability from github – Published: 2024-02-20 15:31 – Updated: 2025-03-25 18:30
VLAI
Details

netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction

New elements in this transaction might expired before such transaction ends. Skip sync GC for such elements otherwise commit path might walk over an already released object. Once transaction is finished, async GC will collect such expired element.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52433"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-20T13:15:08Z",
    "severity": "MODERATE"
  },
  "details": "netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction\n\nNew elements in this transaction might expired before such transaction\nends. Skip sync GC for such elements otherwise commit path might walk\nover an already released object. Once transaction is finished, async GC\nwill collect such expired element.",
  "id": "GHSA-cmph-x6r4-4whr",
  "modified": "2025-03-25T18:30:25Z",
  "published": "2024-02-20T15:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52433"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/03caf75da1059f0460666c826e9f50e13dfd0017"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ee52ae94baa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9a8c544158f68f656d1734eb5ba00c4f817b76b1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9af7dfb3c9d7985172a240f85e684c5cd33e29ce"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9db9feb841f7449772f9393c16b9ef4536d8c127"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c323ed65f66e5387ee0a73452118d49f1dae81b8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e3213ff99a35"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e3213ff99a355cda811b41e8dbb3472d13167a3a"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240828-0003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FFW5-XWJF-F37R

Vulnerability from github – Published: 2023-10-05 03:31 – Updated: 2024-04-04 08:19
VLAI
Details

An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a non-privileged user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-26239"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-05T01:15:10Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a non-privileged user.",
  "id": "GHSA-ffw5-xwjf-f37r",
  "modified": "2024-04-04T08:19:00Z",
  "published": "2023-10-05T03:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26239"
    },
    {
      "type": "WEB",
      "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00007"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G5W2-P7G6-9X7G

Vulnerability from github – Published: 2026-06-02 00:31 – Updated: 2026-06-02 00:31
VLAI
Details

In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-0099"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-01T22:16:23Z",
    "severity": "HIGH"
  },
  "details": "In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.",
  "id": "GHSA-g5w2-p7g6-9x7g",
  "modified": "2026-06-02T00:31:57Z",
  "published": "2026-06-02T00:31:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0099"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/docs/security/bulletin/2026/2026-06-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G9M2-C2X5-FR2V

Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2023-08-01 23:39
VLAI
Summary
Moodle does not revoke role capabilities correctly
Details

A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.7.0"
            },
            {
              "fixed": "3.7.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.6.0"
            },
            {
              "fixed": "3.6.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.5.0"
            },
            {
              "fixed": "3.5.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-14879"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-01T23:39:36Z",
    "nvd_published_at": "2020-01-07T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).",
  "id": "GHSA-g9m2-c2x5-fr2v",
  "modified": "2023-08-01T23:39:36Z",
  "published": "2022-05-24T17:05:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14879"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/7b5f4a62c18fd5bad6956828aade23e1f15b4be3"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14879"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Moodle does not revoke role capabilities correctly"
}

GHSA-GP69-8V27-VCCW

Vulnerability from github – Published: 2022-04-22 00:24 – Updated: 2024-04-03 23:04
VLAI
Details

ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-2921"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-19T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.",
  "id": "GHSA-gp69-8v27-vccw",
  "modified": "2024-04-03T23:04:58Z",
  "published": "2022-04-22T00:24:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2921"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/cve-2011-2921"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-2921"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/154307/ktsuss-Suid-Privilege-Escalation.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GWF9-995R-26HX

Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2023-01-09 18:30
VLAI
Details

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-20044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-24T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().",
  "id": "GHSA-gwf9-995r-26hx",
  "modified": "2023-01-09T18:30:21Z",
  "published": "2022-05-24T17:09:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20044"
    },
    {
      "type": "WEB",
      "url": "https://github.com/XMB5/zsh-privileged-upgrade"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-55"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211168"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211170"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211171"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211175"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211168"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211170"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211171"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211175"
    },
    {
      "type": "WEB",
      "url": "https://www.zsh.org/mla/zsh-announce/141"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/May/49"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/May/53"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/May/55"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/May/59"
    },
    {
      "type": "WEB",
      "url": "http://zsh.sourceforge.net/releases.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H93J-297H-HCXM

Vulnerability from github – Published: 2022-04-23 00:40 – Updated: 2024-04-03 23:06
VLAI
Details

Bitlbee does not drop extra group privileges correctly in unix.c

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-1187"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-29T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Bitlbee does not drop extra group privileges correctly in unix.c",
  "id": "GHSA-h93j-297h-hcxm",
  "modified": "2024-04-03T23:06:49Z",
  "published": "2022-04-23T00:40:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1187"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/cve-2012-1187"
    },
    {
      "type": "WEB",
      "url": "https://bugs.bitlbee.org/ticket/852"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2012-1187"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HMVQ-6HJM-Q8HJ

Vulnerability from github – Published: 2022-05-14 03:07 – Updated: 2022-05-14 03:07
VLAI
Details

libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-0278"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-273"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-05-18T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.",
  "id": "GHSA-hmvq-6hjm-q8hj",
  "modified": "2022-05-14T03:07:29Z",
  "published": "2022-05-14T03:07:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0278"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libuv/libuv/pull/215"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!msg/libuv/0JZxwLMtsMI/jraczskYWWQJ"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#%21msg/libuv/0JZxwLMtsMI/jraczskYWWQJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201611-10"
    },
    {
      "type": "WEB",
      "url": "http://advisories.mageia.org/MGASA-2015-0186.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:228"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-53
Implementation

Check the results of all functions that return a value and verify that the value is expected.

Mitigation
Implementation

In Windows, make sure that the process token has the SeImpersonatePrivilege(Microsoft Server 2003). Code that relies on impersonation for security must ensure that the impersonation succeeded, i.e., that a proper privilege demotion happened.

No CAPEC attack patterns related to this CWE.