Common Weakness Enumeration

CWE-281

Allowed

Improper Preservation of Permissions

Abstraction: Base · Status: Draft

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

432 vulnerabilities reference this CWE, most recent first.

GHSA-H9G9-J2C8-V8GV

Vulnerability from github – Published: 2022-06-30 00:00 – Updated: 2022-07-09 00:00
VLAI
Details

MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-32969"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-29T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "MetaMask before 10.11.3 might allow an attacker to access a user\u0027s secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue.",
  "id": "GHSA-h9g9-j2c8-v8gv",
  "modified": "2022-07-09T00:00:21Z",
  "published": "2022-06-30T00:00:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32969"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MetaMask/metamask-extension/compare/v10.11.2...v10.11.3"
    },
    {
      "type": "WEB",
      "url": "https://halborn.com/disclosures/demonic-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://halborn.com/halborn-discovers-critical-vulnerability-affecting-crypto-wallet-browser-extensions"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HCQH-2X7M-P53X

Vulnerability from github – Published: 2022-10-17 19:00 – Updated: 2022-10-19 19:00
VLAI
Details

A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-14841"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-17T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.",
  "id": "GHSA-hcqh-2x7m-p53x",
  "modified": "2022-10-19T19:00:24Z",
  "published": "2022-10-17T19:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14841"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2019-14841"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744801"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HG75-J4C9-FV98

Vulnerability from github – Published: 2024-12-07 00:31 – Updated: 2024-12-12 03:32
VLAI
Details

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41645"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-06T22:15:20Z",
    "severity": "CRITICAL"
  },
  "details": "Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl.",
  "id": "GHSA-hg75-j4c9-fv98",
  "modified": "2024-12-12T03:32:59Z",
  "published": "2024-12-07T00:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41645"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ros-navigation/navigation2/issues/4497"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ros-navigation/navigation2/pull/4521"
    },
    {
      "type": "WEB",
      "url": "https://github.com/GoesM/ROS-CVE-CNVDs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HH33-46Q4-HWM2

Vulnerability from github – Published: 2024-11-26 19:58 – Updated: 2024-11-26 21:43
VLAI
Summary
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion
Details

Impact

Existing lakeFS users who have issued credentials to users who have been deleted. Creating a new user with the same username, that user will inherit all of the previous user's credentials lakeFS needs to delete user credentials upon user deletion.

Patches

Has the problem been patched? What versions should users upgrade to?

Workarounds

A possible workaround will be not to reuse usernames that were previously deleted

References

Are there any links users can visit to find out more?

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/treeverse/lakefs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.33.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-43784"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281",
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-26T19:58:20Z",
    "nvd_published_at": "2024-11-26T21:15:07Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nExisting lakeFS users who have issued credentials to users who have been deleted.\nCreating a new user with the same username, that user will inherit all of the previous user\u0027s credentials lakeFS needs to delete user credentials upon user deletion.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\n### Workarounds\nA possible workaround will be not to reuse usernames that were previously deleted\n\n### References\n_Are there any links users can visit to find out more?_\n",
  "id": "GHSA-hh33-46q4-hwm2",
  "modified": "2024-11-26T21:43:45Z",
  "published": "2024-11-26T19:58:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/treeverse/lakeFS/security/advisories/GHSA-hh33-46q4-hwm2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43784"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/treeverse/lakeFS"
    },
    {
      "type": "WEB",
      "url": "https://github.com/treeverse/lakeFS/releases/tag/v1.33.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion"
}

GHSA-HH56-V5H3-G3F8

Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2021-12-18 00:01
VLAI
Details

In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-179338675

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0704"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-179338675",
  "id": "GHSA-hh56-v5h3-g3f8",
  "modified": "2021-12-18T00:01:45Z",
  "published": "2021-12-16T00:01:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0704"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2021-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HJJQ-3JJ4-C7C6

Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:31
VLAI
Details

An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4139"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281",
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-27T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An incorrect TLB flush issue was found in the Linux kernel\u2019s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.",
  "id": "GHSA-hjjq-3jj4-c7c6",
  "modified": "2024-04-04T05:31:56Z",
  "published": "2023-07-06T19:24:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4139"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2147572"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230309-0004"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2022/11/30/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HM88-XQXR-4JWR

Vulnerability from github – Published: 2024-06-20 09:30 – Updated: 2024-06-20 09:30
VLAI
Details

There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25646"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-20T07:15:41Z",
    "severity": "HIGH"
  },
  "details": "There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.",
  "id": "GHSA-hm88-xqxr-4jwr",
  "modified": "2024-06-20T09:30:59Z",
  "published": "2024-06-20T09:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25646"
    },
    {
      "type": "WEB",
      "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035844"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HMHQ-WHFW-X78Q

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10
VLAI
Details

If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 90.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-29971"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-05T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 90.",
  "id": "GHSA-hmhq-whfw-x78q",
  "modified": "2022-05-24T19:10:12Z",
  "published": "2022-05-24T19:10:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29971"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1713638"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-28"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HQ28-CRG7-95PR

Vulnerability from github – Published: 2026-05-08 22:24 – Updated: 2026-07-02 14:48
VLAI
Summary
Snipe-IT has Privilege Escalation via API Permissions Assignment
Details

Impact

An authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys to be set by any user who can update users.

Patches

Patched in https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569, fix was released in v8.4.1

Workarounds

None.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "snipe/snipe-it"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44832"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-08T22:24:45Z",
    "nvd_published_at": "2026-05-26T20:16:20Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nAn authenticated user with only `users.edit` permission can escalate their own privileges to `admin` by sending a PATCH request to `/api/v1/users/{id}` with `permissions[admin]=1`. The API controller only strips the `superuser` key from the permissions array, allowing `admin` and all other permission keys to be set by any user who can update users.\n\n### Patches\nPatched in https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569, fix was released in v8.4.1\n\n### Workarounds\nNone.",
  "id": "GHSA-hq28-crg7-95pr",
  "modified": "2026-07-02T14:48:19Z",
  "published": "2026-05-08T22:24:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-hq28-crg7-95pr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44832"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/grokability/snipe-it"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Snipe-IT has Privilege Escalation via API Permissions Assignment"
}

GHSA-HQ36-29FH-GRCG

Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2022-07-13 00:01
VLAI
Details

In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197749180

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1004"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197749180",
  "id": "GHSA-hq36-29fh-grcg",
  "modified": "2022-07-13T00:01:00Z",
  "published": "2021-12-16T00:01:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1004"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2021-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.