CWE-664
DiscouragedImproper Control of a Resource Through its Lifetime
Abstraction: Pillar · Status: Draft
The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.
63 vulnerabilities reference this CWE, most recent first.
GHSA-7868-9J9H-FR97
Vulnerability from github – Published: 2022-05-17 02:51 – Updated: 2022-05-17 02:51The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an improper resource release vulnerability, which allows attackers to cause a system restart or privilege elevation.
{
"affected": [],
"aliases": [
"CVE-2016-8763"
],
"database_specific": {
"cwe_ids": [
"CWE-664"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-02T20:59:00Z",
"severity": "HIGH"
},
"details": "The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an improper resource release vulnerability, which allows attackers to cause a system restart or privilege elevation.",
"id": "GHSA-7868-9j9h-fr97",
"modified": "2022-05-17T02:51:04Z",
"published": "2022-05-17T02:51:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8763"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94509"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7PGF-PPXW-8624
Vulnerability from github – Published: 2025-07-12 18:30 – Updated: 2025-11-05 20:30The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files.
This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0.
Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.zeppelin:zeppelin-interpreter"
},
"ranges": [
{
"events": [
{
"introduced": "0.10.1"
},
{
"fixed": "0.12.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.zeppelin:zeppelin-server"
},
"ranges": [
{
"events": [
{
"introduced": "0.10.1"
},
{
"fixed": "0.12.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-41169"
],
"database_specific": {
"cwe_ids": [
"CWE-664"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-14T20:31:20Z",
"nvd_published_at": "2025-07-12T17:15:20Z",
"severity": "HIGH"
},
"details": "The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server\u0027s resources, including directories and files.\n\nThis issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0.\n\nUsers are recommended to upgrade to version 0.12.0,\u00a0which fixes the issue by removing the Cluster Interpreter.",
"id": "GHSA-7pgf-ppxw-8624",
"modified": "2025-11-05T20:30:41Z",
"published": "2025-07-12T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41169"
},
{
"type": "WEB",
"url": "https://github.com/apache/zeppelin/pull/4841"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/zeppelin"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/ZEPPELIN-6101"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/moyym04993c8owh4h0qj98r43tbo8qdd"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/13/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Zeppelin exposes server resources to unauthenticated attackers"
}
GHSA-8MJR-JR5H-Q2XR
Vulnerability from github – Published: 2022-07-15 18:17 – Updated: 2024-11-22 18:11Impact
This vulnerability affects all accounts (vanilla and ethereum flavors) in the v0.2.0 release of OpenZeppelin Contracts for Cairo, which are not whitelisted on StarkNet mainnet, so only goerli deployments of v0.2.0 accounts are affected.
This faulty behavior is not observed in StarkNet's testing framework, so don't rely on it passing to detect this issue on custom accounts.
Patches
This bug has been patched in v0.2.1.
References
The issue is detailed in https://github.com/OpenZeppelin/cairo-contracts/issues/386.
For more information
If you have any questions or comments about this advisory: * Open an issue in the Contracts for Cairo repo * Email us at security@openzeppelin.com
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "openzeppelin-cairo-contracts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-31153"
],
"database_specific": {
"cwe_ids": [
"CWE-664",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-15T18:17:19Z",
"nvd_published_at": "2022-07-15T18:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThis vulnerability affects all accounts (vanilla and ethereum flavors) in the [v0.2.0 release of OpenZeppelin Contracts for Cairo](https://github.com/OpenZeppelin/cairo-contracts/releases/tag/v0.2.0), which are not whitelisted on StarkNet mainnet, so only goerli deployments of v0.2.0 accounts are affected.\n\nThis faulty behavior is not observed in [StarkNet\u0027s testing framework](https://github.com/starkware-libs/cairo-lang/blob/master/src/starkware/starknet/testing/starknet.py), so don\u0027t rely on it passing to detect this issue on custom accounts.\n\n### Patches\nThis bug has been patched in [v0.2.1](https://github.com/OpenZeppelin/cairo-contracts/releases/tag/v0.2.1).\n\n### References\nThe issue is detailed in https://github.com/OpenZeppelin/cairo-contracts/issues/386.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [the Contracts for Cairo repo](https://github.com/OpenZeppelin/cairo-contracts/issues/new/choose)\n* Email us at [security@openzeppelin.com](mailto:security@openzeppelin.com)\n",
"id": "GHSA-8mjr-jr5h-q2xr",
"modified": "2024-11-22T18:11:28Z",
"published": "2022-07-15T18:17:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/cairo-contracts/security/advisories/GHSA-8mjr-jr5h-q2xr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31153"
},
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/cairo-contracts/issues/386"
},
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/cairo-contracts/pull/387"
},
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/cairo-contracts/commit/2cd60279c3332285d47edf9ee3888b71257acdc9"
},
{
"type": "PACKAGE",
"url": "https://github.com/OpenZeppelin/cairo-contracts"
},
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/cairo-contracts/blob/release-0.2.0/src/openzeppelin/account/library.cairo#L203"
},
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/cairo-contracts/releases/tag/v0.2.1"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/openzeppelin-cairo-contracts-test/PYSEC-2022-43143.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli"
}
GHSA-8VQ8-5XVJ-8HQC
Vulnerability from github – Published: 2025-08-06 03:30 – Updated: 2025-08-06 03:30Iterator failure issue in the multi-mode input module. Impact: Successful exploitation of this vulnerability may cause iterator failures and affect availability.
{
"affected": [],
"aliases": [
"CVE-2025-54619"
],
"database_specific": {
"cwe_ids": [
"CWE-664"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-06T02:15:48Z",
"severity": "MODERATE"
},
"details": "Iterator failure issue in the multi-mode input module.\nImpact: Successful exploitation of this vulnerability may cause iterator failures and affect availability.",
"id": "GHSA-8vq8-5xvj-8hqc",
"modified": "2025-08-06T03:30:25Z",
"published": "2025-08-06T03:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54619"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2025/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9GH5-CR2P-2MP4
Vulnerability from github – Published: 2025-08-06 03:30 – Updated: 2025-08-06 03:30Iterator failure issue in the WantAgent module. Impact: Successful exploitation of this vulnerability may cause memory release failures.
{
"affected": [],
"aliases": [
"CVE-2025-54621"
],
"database_specific": {
"cwe_ids": [
"CWE-664"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-06T02:15:48Z",
"severity": "MODERATE"
},
"details": "Iterator failure issue in the WantAgent module.\nImpact: Successful exploitation of this vulnerability may cause memory release failures.",
"id": "GHSA-9gh5-cr2p-2mp4",
"modified": "2025-08-06T03:30:25Z",
"published": "2025-08-06T03:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54621"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2025/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-F9JP-856V-8642
Vulnerability from github – Published: 2026-04-06 22:54 – Updated: 2026-04-06 22:54Summary
When an entity dies, the entity is flagged for despawn, but remains in the World's entity table, meaning it's still accessible by doing World->getEntity($entityId) and other methods. The same is true of a player when quitting the server.
When a network packet arrives from a client to attack an entity, the handler fetches the entity using World->getEntity($entityId) without any checks if the entity is already marked for despawning. Depending on the timing, the entity in question might already be in the flagged-for-despawn state when the action is processed. This means that the death handler for the entity might be run multiple times, causing loot and XP to be dropped multiple times, among other potential side effects.
Reproducing steps
To reproduce this vulnerability, two clients (Player A and Player B) are required.
Prerequisites: - Player A (Victim): Must have the valuable items to be duplicated in their inventory and 1 HP (to ensure instant death). - Player B (Attacker): Must be equipped with a weapon capable of dealing at least 1 damage.
Steps: 1. Player A and Player B stand next to each other. 2. Player A initiates the disconnect sequence (e.g., clicking "Disconnect" or "Exit to Menu"). 3. Immediately after Player A triggers the disconnect (within a split-second window), Player B must attack and kill Player A. 4. Player A's character dies server-side, and their inventory drops on the ground. 5. Player B collects the dropped items. 6. Player A logs back into the server. 7. Result: Player A still possesses the original items in their inventory, while Player B holds the dropped copies.
Patches
The issue was fixed in https://github.com/pmmp/PocketMine-MP/commit/c0719b76b18f2508143134e79bc9f1aa39109683 by adding checks for flagged-for-despawn entities in several affected locations.
While a cleaner fix would be to have World's various entity accessing methods exclude flagged-for-despawn entities, this was deemed too risky for 5.x as it would require significant internal changes.
Workarounds
Plugins can mitigate this issue on older versions by handling EntityDamageByEntityEvent, checking if the victim entity is flagged for despawn, and if so, cancelling the event.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "pocketmine/pocketmine-mp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.39.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-664"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-06T22:54:14Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "### Summary\nWhen an entity dies, the entity is flagged for despawn, but remains in the `World`\u0027s entity table, meaning it\u0027s still accessible by doing `World-\u003egetEntity($entityId)` and other methods. The same is true of a player when quitting the server.\n\nWhen a network packet arrives from a client to attack an entity, the handler fetches the entity using `World-\u003egetEntity($entityId)` without any checks if the entity is already marked for despawning. Depending on the timing, the entity in question might already be in the flagged-for-despawn state when the action is processed. This means that the death handler for the entity might be run multiple times, causing loot and XP to be dropped multiple times, among other potential side effects.\n\n### Reproducing steps\nTo reproduce this vulnerability, two clients (Player A and Player B) are required.\n\nPrerequisites:\n - Player A (Victim): Must have the valuable items to be duplicated in their inventory and 1 HP (to ensure instant death).\n - Player B (Attacker): Must be equipped with a weapon capable of dealing at least 1 damage.\n\nSteps:\n 1. Player A and Player B stand next to each other.\n 2. Player A initiates the disconnect sequence (e.g., clicking \"Disconnect\" or \"Exit to Menu\").\n 3. Immediately after Player A triggers the disconnect (within a split-second window), Player B must attack and kill Player A.\n 4. Player A\u0027s character dies server-side, and their inventory drops on the ground.\n 5. Player B collects the dropped items.\n 6. Player A logs back into the server.\n 7. Result: Player A still possesses the original items in their inventory, while Player B holds the dropped copies.\n\n### Patches\nThe issue was fixed in https://github.com/pmmp/PocketMine-MP/commit/c0719b76b18f2508143134e79bc9f1aa39109683 by adding checks for flagged-for-despawn entities in several affected locations.\n\nWhile a cleaner fix would be to have `World`\u0027s various entity accessing methods exclude flagged-for-despawn entities, this was deemed too risky for 5.x as it would require significant internal changes.\n\n### Workarounds\nPlugins can mitigate this issue on older versions by handling `EntityDamageByEntityEvent`, checking if the victim entity is flagged for despawn, and if so, cancelling the event.",
"id": "GHSA-f9jp-856v-8642",
"modified": "2026-04-06T22:54:14Z",
"published": "2026-04-06T22:54:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pmmp/PocketMine-MP/security/advisories/GHSA-f9jp-856v-8642"
},
{
"type": "WEB",
"url": "https://github.com/pmmp/PocketMine-MP/commit/c0719b76b18f2508143134e79bc9f1aa39109683"
},
{
"type": "PACKAGE",
"url": "https://github.com/pmmp/PocketMine-MP"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "PocketMine-MP: Player entities can still die and drop items in flaggedForDespawn state"
}
GHSA-FXJ4-9MXQ-CRWP
Vulnerability from github – Published: 2025-08-06 03:30 – Updated: 2025-08-06 03:30Iterator failure vulnerability in the card management module. Impact: Successful exploitation of this vulnerability may affect function stability.
{
"affected": [],
"aliases": [
"CVE-2025-54612"
],
"database_specific": {
"cwe_ids": [
"CWE-664"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-06T02:15:47Z",
"severity": "MODERATE"
},
"details": "Iterator failure vulnerability in the card management module.\nImpact: Successful exploitation of this vulnerability may affect function stability.",
"id": "GHSA-fxj4-9mxq-crwp",
"modified": "2025-08-06T03:30:24Z",
"published": "2025-08-06T03:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54612"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2025/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-FXWJ-V664-WV5G
Vulnerability from github – Published: 2022-04-20 00:00 – Updated: 2022-04-28 19:49Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server/v6"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-1385"
],
"database_specific": {
"cwe_ids": [
"CWE-664",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-22T20:57:43Z",
"nvd_published_at": "2022-04-19T21:15:00Z",
"severity": "MODERATE"
},
"details": "Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.",
"id": "GHSA-fxwj-v664-wv5g",
"modified": "2022-04-28T19:49:33Z",
"published": "2022-04-20T00:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1385"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1486820"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost-server"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Control of a Resource Through its Lifetime in Mattermost"
}
GHSA-HMPM-MQ94-9XM4
Vulnerability from github – Published: 2023-04-04 12:30 – Updated: 2023-04-11 18:30Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-25942"
],
"database_specific": {
"cwe_ids": [
"CWE-664"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-04T11:15:00Z",
"severity": "MODERATE"
},
"details": "Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.",
"id": "GHSA-hmpm-mq94-9xm4",
"modified": "2023-04-11T18:30:30Z",
"published": "2023-04-04T12:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25942"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000211539/dell-emc-powerscale-onefs-security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J9JP-J2W9-GW9C
Vulnerability from github – Published: 2024-02-19 03:30 – Updated: 2024-09-04 18:30plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).
{
"affected": [],
"aliases": [
"CVE-2020-36774"
],
"database_specific": {
"cwe_ids": [
"CWE-664"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-19T02:15:47Z",
"severity": "MODERATE"
},
"details": "plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).",
"id": "GHSA-j9jp-j2w9-gw9c",
"modified": "2024-09-04T18:30:48Z",
"published": "2024-02-19T03:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36774"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/glade/-/issues/479"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-196: Session Credential Falsification through Forging
An attacker creates a false but functional session credential in order to gain or usurp access to a service. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. If an attacker is able to forge valid session credentials they may be able to bypass authentication or piggy-back off some other authenticated user's session. This attack differs from Reuse of Session IDs and Session Sidejacking attacks in that in the latter attacks an attacker uses a previous or existing credential without modification while, in a forging attack, the attacker must create their own credential, although it may be based on previously observed credentials.
CAPEC-21: Exploitation of Trusted Identifiers
An adversary guesses, obtains, or "rides" a trusted identifier (e.g. session ID, resource ID, cookie, etc.) to perform authorized actions under the guise of an authenticated user or service.
CAPEC-60: Reusing Session IDs (aka Session Replay)
This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
CAPEC-61: Session Fixation
The attacker induces a client to establish a session with the target software using a session identifier provided by the attacker. Once the user successfully authenticates to the target software, the attacker uses the (now privileged) session identifier in their own transactions. This attack leverages the fact that the target software either relies on client-generated session identifiers or maintains the same session identifiers after privilege elevation.
CAPEC-62: Cross Site Request Forgery
An attacker crafts malicious web links and distributes them (via web pages, email, etc.), typically in a targeted manner, hoping to induce users to click on the link and execute the malicious action against some third-party application. If successful, the action embedded in the malicious link will be processed and accepted by the targeted application with the users' privilege level. This type of attack leverages the persistence and implicit trust placed in user session cookies by many web applications today. In such an architecture, once the user authenticates to an application and a session cookie is created on the user's system, all following transactions for that session are authenticated using that cookie including potential actions initiated by an attacker and simply "riding" the existing session cookie.