Common Weakness Enumeration

CWE-280

Allowed

Improper Handling of Insufficient Permissions or Privileges

Abstraction: Base · Status: Draft

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

256 vulnerabilities reference this CWE, most recent first.

GHSA-P5GM-92H4-6PV6

Vulnerability from github – Published: 2026-05-08 20:21 – Updated: 2026-06-08 19:55
VLAI
Summary
Wagtail has improper restriction handling on Documents and Images API
Details

Impact

The Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections.

Patches

Patched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature release also incorporates this fix.

Workarounds

Site owners using Wagtail's API can avoid the vulnerability by adding authentication to the Documents and Images APIs.

Acknowledgements

Wagtail thanks independent security researcher Sanjok Karki @thesanjok for reporting this issue.

For more information

If there are any questions or comments about this advisory:

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "wagtail"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "wagtail"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.1"
            },
            {
              "fixed": "7.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44201"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-08T20:21:38Z",
    "nvd_published_at": "2026-05-11T16:17:35Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nThe Documents and Images [API](https://docs.wagtail.org/en/stable/advanced_topics/api/index.html) incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections.\n\n### Patches\n\nPatched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature release also incorporates this fix.\n\n### Workarounds\n\nSite owners using Wagtail\u0027s API can avoid the vulnerability by adding [authentication](https://docs.wagtail.org/en/stable/advanced_topics/api/v2/configuration.html#authentication) to the Documents and Images APIs.\n\n\n### Acknowledgements\n\nWagtail thanks independent security researcher Sanjok Karki @thesanjok for reporting this issue.\n\n### For more information\nIf there are any questions or comments about this advisory:\n\n* Visit Wagtail\u0027s [support channels](https://docs.wagtail.org/en/stable/support.html)\n* Send an email to [security@wagtail.org](mailto:security@wagtail.org) (view the [security policy](https://github.com/wagtail/wagtail/security/policy) for more information).",
  "id": "GHSA-p5gm-92h4-6pv6",
  "modified": "2026-06-08T19:55:51Z",
  "published": "2026-05-08T20:21:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44201"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-150.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/wagtail/wagtail"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Wagtail has improper restriction handling on Documents and Images API"
}

GHSA-PC2J-FVGW-H6VH

Vulnerability from github – Published: 2025-05-13 00:31 – Updated: 2025-11-03 21:33
VLAI
Details

The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30453"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-12T22:15:21Z",
    "severity": "HIGH"
  },
  "details": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges.",
  "id": "GHSA-pc2j-fvgw-h6vh",
  "modified": "2025-11-03T21:33:48Z",
  "published": "2025-05-13T00:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30453"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122373"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122717"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122718"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/May/9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PFF8-M8JX-77FJ

Vulnerability from github – Published: 2025-03-24 12:30 – Updated: 2025-03-24 15:30
VLAI
Details

Software installed and run as a non-privileged user may conduct improper GPU system calls to issue reads and writes to arbitrary physical memory pages.

Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform, altering their behaviour.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0478"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-24T12:15:13Z",
    "severity": "HIGH"
  },
  "details": "Software installed and run as a non-privileged user may conduct improper GPU system calls to issue reads and writes to arbitrary physical memory pages.\n\nUnder certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform, altering their behaviour.",
  "id": "GHSA-pff8-m8jx-77fj",
  "modified": "2025-03-24T15:30:45Z",
  "published": "2025-03-24T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0478"
    },
    {
      "type": "WEB",
      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PJ78-8H7F-MG7F

Vulnerability from github – Published: 2024-07-17 09:30 – Updated: 2026-04-08 18:33
VLAI
Details

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site and upload arbitrary files. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6660"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-17T07:15:03Z",
    "severity": "HIGH"
  },
  "details": "The BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site and upload arbitrary files. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.",
  "id": "GHSA-pj78-8h7f-mg7f",
  "modified": "2026-04-08T18:33:33Z",
  "published": "2024-07-17T09:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6660"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_import_export.php#L1491"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_import_export.php#L410"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_import_export.php#L476"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3116857/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_import_export.php?contextall=1"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/851ff861-474e-4063-88ff-d8d35b10e9a0?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PQ39-F58P-6F4P

Vulnerability from github – Published: 2024-04-08 09:31 – Updated: 2024-08-01 15:31
VLAI
Details

Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52537"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-08T09:15:08Z",
    "severity": "HIGH"
  },
  "details": "Vulnerability of package name verification being bypassed in the HwIms module.\nImpact: Successful exploitation of this vulnerability will affect availability.",
  "id": "GHSA-pq39-f58p-6f4p",
  "modified": "2024-08-01T15:31:37Z",
  "published": "2024-04-08T09:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52537"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2024/3"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202403-0000001667644725"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PWM3-7FV4-G6XX

Vulnerability from github – Published: 2026-05-08 20:20 – Updated: 2026-06-08 19:55
VLAI
Summary
Wagtail has improper permission handling when deleting form submissions
Details

Impact

A CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't.

The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.

Patches

Patched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature release also incorporates this fix.

Workarounds

No workaround is available.

Acknowledgements

Wagtail thanks Vishal Shukla @shukla304 for reporting this issue.

For more information

If there are any questions or comments about this advisory:

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "wagtail"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "wagtail"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.1"
            },
            {
              "fixed": "7.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-08T20:20:12Z",
    "nvd_published_at": "2026-05-11T16:17:35Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nA CMS user with limited access to form pages could delete submissions to form pages they don\u0027t have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don\u0027t. \n\nThe vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.\n\n### Patches\n\nPatched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature release also incorporates this fix.\n\n### Workarounds\n\nNo workaround is available.\n\n\n### Acknowledgements\n\nWagtail thanks Vishal Shukla @shukla304 for reporting this issue.\n\n### For more information\nIf there are any questions or comments about this advisory:\n\n* Visit Wagtail\u0027s [support channels](https://docs.wagtail.org/en/stable/support.html)\n* Send an email to [security@wagtail.org](mailto:security@wagtail.org) (view the [security policy](https://github.com/wagtail/wagtail/security/policy) for more information).",
  "id": "GHSA-pwm3-7fv4-g6xx",
  "modified": "2026-06-08T19:55:40Z",
  "published": "2026-05-08T20:20:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44199"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2026-148.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/wagtail/wagtail"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Wagtail has improper permission handling when deleting form submissions"
}

GHSA-PWPC-5PP8-7QW9

Vulnerability from github – Published: 2026-02-24 15:30 – Updated: 2026-02-27 21:31
VLAI
Details

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1772"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-24T14:16:22Z",
    "severity": "MODERATE"
  },
  "details": "RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.",
  "id": "GHSA-pwpc-5pp8-7qw9",
  "modified": "2026-02-27T21:31:19Z",
  "published": "2026-02-24T15:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1772"
    },
    {
      "type": "WEB",
      "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000237\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-PWQ2-C6F6-F36F

Vulnerability from github – Published: 2024-02-20 09:30 – Updated: 2024-02-20 09:30
VLAI
Details

In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-1608"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-20T09:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "In OPPO Usercenter Credit SDK, there\u0027s a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction.",
  "id": "GHSA-pwq2-c6f6-f36f",
  "modified": "2024-02-20T09:30:32Z",
  "published": "2024-02-20T09:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1608"
    },
    {
      "type": "WEB",
      "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1759867611954552832"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q2HW-C235-RP9R

Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2026-04-02 21:31
VLAI
Details

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. A local attacker may gain access to Keychain items.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27837"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T15:13:07Z",
    "severity": "HIGH"
  },
  "details": "A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. A local attacker may gain access to Keychain items.",
  "id": "GHSA-q2hw-c235-rp9r",
  "modified": "2026-04-02T21:31:41Z",
  "published": "2024-05-14T15:32:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27837"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120903"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214106"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214106"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/May/12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q35R-VVHV-VX5H

Vulnerability from github – Published: 2026-03-26 21:31 – Updated: 2026-04-02 15:31
VLAI
Summary
Keycloak: Missing Role Enforcement on UMA 2.0 Permission Ticket Endpoint Leads to Information Disclosure
Details

A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the uma_protection role check. This allows any authenticated user with a token issued for a resource server client, even without the uma_protection role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-server-spi-private"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.5.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.5.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-model-jpa"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.5.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-3190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-280"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-29T15:46:10Z",
    "nvd_published_at": "2026-03-26T19:17:06Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure.",
  "id": "GHSA-q35r-vvhv-vx5h",
  "modified": "2026-04-02T15:31:37Z",
  "published": "2026-03-26T21:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3190"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/issues/46723"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:6477"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:6478"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-3190"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442572"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keycloak: Missing Role Enforcement on UMA 2.0 Permission Ticket Endpoint Leads to Information Disclosure"
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation
Implementation

Always check to see if you have successfully accessed a resource or system functionality, and use proper error handling if it is unsuccessful. Do this even when you are operating in a highly privileged mode, because errors or environmental conditions might still cause a failure. For example, environments with highly granular permissions/privilege models, such as Windows or Linux capabilities, can cause unexpected failures.

No CAPEC attack patterns related to this CWE.