CWE-267
Privilege Defined With Unsafe Actions
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
CVE-2025-7691 (GCVE-0-2025-7691)
Vulnerability from cvelistv5 – Published: 2025-09-26 09:05 – Updated: 2026-02-26 17:47
VLAI
Title
Privilege Defined With Unsafe Actions in GitLab
Summary
A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access to additional system capabilities.
Severity
6.5 (Medium)
CWE
- CWE-267 - Privilege Defined With Unsafe Actions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/555786 | issue-trackingpermissions-required |
| https://hackerone.com/reports/3200469 | technical-descriptionexploitpermissions-required |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-27T03:55:25.765550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:53.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "18.2.7",
"status": "affected",
"version": "16.6",
"versionType": "semver"
},
{
"lessThan": "18.3.3",
"status": "affected",
"version": "18.3",
"versionType": "semver"
},
{
"lessThan": "18.4.1",
"status": "affected",
"version": "18.4",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [rogerace](https://hackerone.com/rogerace) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access to additional system capabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267: Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T09:05:06.532Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #555786",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/555786"
},
{
"name": "HackerOne Bug Bounty Report #3200469",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/3200469"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 18.2.7, 18.3.3 or 18.4.1"
}
],
"title": "Privilege Defined With Unsafe Actions in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-7691",
"datePublished": "2025-09-26T09:05:06.532Z",
"dateReserved": "2025-07-15T19:30:32.045Z",
"dateUpdated": "2026-02-26T17:47:53.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0945 (GCVE-0-2026-0945)
Vulnerability from cvelistv5 – Published: 2026-02-04 20:25 – Updated: 2026-02-12 13:57
VLAI
Title
Role Delegation - Moderately critical - Access bypass - SA-CONTRIB-2026-002
Summary
Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0.
Severity
5.4 (Medium)
CWE
- CWE-267 - Privilege Defined With Unsafe Actions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Drupal | Role Delegation |
Affected:
1.3.0 , < 1.5.0
(semver)
|
Date Public
2026-01-14 17:54
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T13:57:41.636711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T13:57:44.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/role_delegation",
"defaultStatus": "unaffected",
"product": "Role Delegation",
"repo": "https://git.drupalcode.org/project/role_delegation",
"vendor": "Drupal",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Drew Webber (mcdruid)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Adam Bramley (acbramley)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Dieter Holvoet (dieterholvoet)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison (greggles)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Drew Webber (mcdruid)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Juraj Nemec (poker10)"
}
],
"datePublic": "2026-01-14T17:54:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.\u003cp\u003eThis issue affects Role Delegation: from 1.3.0 before 1.5.0.\u003c/p\u003e"
}
],
"value": "Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T20:25:28.874Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2026-002"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Role Delegation - Moderately critical - Access bypass - SA-CONTRIB-2026-002",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2026-0945",
"datePublished": "2026-02-04T20:25:28.874Z",
"dateReserved": "2026-01-14T16:52:29.540Z",
"dateUpdated": "2026-02-12T13:57:44.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23526 (GCVE-0-2026-23526)
Vulnerability from cvelistv5 – Published: 2026-01-21 21:40 – Updated: 2026-02-26 14:44
VLAI
Title
CVAT vulnerable to privilege escalation of users with staff status
Summary
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, including giving themselves superuser status and joining the admin group, which gives them full access to the data in the CVAT instance. Version 2.55.0 fixes the issue. As a workaround, review the list of users with staff status and revoke it from any users that are not expected to have superuser privileges.
Severity
CWE
- CWE-267 - Privilege Defined With Unsafe Actions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/cvat-ai/cvat/security/advisori… | x_refsource_CONFIRM |
| https://github.com/cvat-ai/cvat/commit/88ac7aa4d5… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T04:55:22.871192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:33.583Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cvat",
"vendor": "cvat-ai",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 2.55.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, including giving themselves superuser status and joining the admin group, which gives them full access to the data in the CVAT instance. Version 2.55.0 fixes the issue. As a workaround, review the list of users with staff status and revoke it from any users that are not expected to have superuser privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267: Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T21:40:25.214Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-7pvv-w55f-qmw7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-7pvv-w55f-qmw7"
},
{
"name": "https://github.com/cvat-ai/cvat/commit/88ac7aa4d5b52271a30f1aa387c0f5745f8f77d4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cvat-ai/cvat/commit/88ac7aa4d5b52271a30f1aa387c0f5745f8f77d4"
}
],
"source": {
"advisory": "GHSA-7pvv-w55f-qmw7",
"discovery": "UNKNOWN"
},
"title": "CVAT vulnerable to privilege escalation of users with staff status"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23526",
"datePublished": "2026-01-21T21:40:25.214Z",
"dateReserved": "2026-01-13T18:22:43.980Z",
"dateUpdated": "2026-02-26T14:44:33.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2459 (GCVE-0-2026-2459)
Vulnerability from cvelistv5 – Published: 2026-02-24 13:21 – Updated: 2026-02-28 02:22
VLAI
Summary
A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so.
Severity
CWE
- CWE-267 - Privilege Defined with Unsafe Actions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Energy | Relion REB500 |
Affected:
8.0.0.0 , ≤ 8.3.3.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-28T02:21:26.119358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-28T02:22:21.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Relion REB500",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "8.3.3.0",
"status": "affected",
"version": "8.0.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so.\u003cbr\u003e"
}
],
"value": "A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined with Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T13:42:34.978Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000217\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2026-2459",
"datePublished": "2026-02-24T13:21:42.470Z",
"dateReserved": "2026-02-13T11:08:24.044Z",
"dateUpdated": "2026-02-28T02:22:21.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2460 (GCVE-0-2026-2460)
Vulnerability from cvelistv5 – Published: 2026-02-24 13:24 – Updated: 2026-02-28 02:23
VLAI
Summary
A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so.
Severity
CWE
- CWE-267 - Privilege Defined with Unsafe Actions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Energy | Relion REB500 |
Affected:
8.0.0.0 , ≤ 8.3.3.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-28T02:23:01.866036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-28T02:23:18.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Relion REB500",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "8.3.3.0",
"status": "affected",
"version": "8.0.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so.\u003cbr\u003e"
}
],
"value": "A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined with Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T13:43:35.340Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000217\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2026-2460",
"datePublished": "2026-02-24T13:24:34.836Z",
"dateReserved": "2026-02-13T11:08:27.300Z",
"dateUpdated": "2026-02-28T02:23:18.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27314 (GCVE-0-2026-27314)
Vulnerability from cvelistv5 – Published: 2026-04-07 16:33 – Updated: 2026-04-08 03:55
VLAI
Title
Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass
Summary
Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role,
including a superuser role, and authenticate as that role via ADD IDENTITY.
Users are recommended to upgrade to version 5.0.7+, which fixes this issue.
Severity
No CVSS data available.
CWE
- CWE-267 - Privilege Defined With Unsafe Actions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/zrng82ddy4rpsmfyk… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Cassandra |
Affected:
5.0 , ≤ 5.0.6
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-07T17:25:57.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/07/7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-27314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T03:55:52.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2/",
"defaultStatus": "unaffected",
"packageName": "org.apache.cassandra:cassandra-all",
"product": "Apache Cassandra",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "5.0.6",
"status": "affected",
"version": "5.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Sho Odagiri, GMO Cybersecurity by Ierae, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePrivilege escalation\u0026nbsp;\u003c/span\u003ein Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator\u0026nbsp;allows a user with only CREATE permission\u0026nbsp;to associate their own certificate identity with an arbitrary role,\u003cbr\u003eincluding a superuser role, and authenticate as that role\u0026nbsp;via ADD IDENTITY.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to version 5.0.7+, which fixes this issue.\u0026nbsp;\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Privilege escalation\u00a0in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator\u00a0allows a user with only CREATE permission\u00a0to associate their own certificate identity with an arbitrary role,\nincluding a superuser role, and authenticate as that role\u00a0via ADD IDENTITY.\n\nUsers are recommended to upgrade to version 5.0.7+, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T16:33:44.448Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/zrng82ddy4rpsmfyk582v6hqxcqrbz7f"
}
],
"source": {
"defect": [
"CASSANDRA-21219"
],
"discovery": "EXTERNAL"
},
"title": "Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-27314",
"datePublished": "2026-04-07T16:33:44.448Z",
"dateReserved": "2026-02-19T00:03:57.862Z",
"dateUpdated": "2026-04-08T03:55:52.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42406 (GCVE-0-2026-42406)
Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-14 03:56
VLAI
Title
BIG-IP and BIG-IQ privilege escalation vulnerability
Summary
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity
CWE
- CWE-267 - Privilege Defined With Unsafe Actions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000160971 | vendor-advisorypatch |
Impacted products
Date Public
2026-05-13 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T03:56:11.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"All Modules"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "21.1.0",
"versionType": "custom"
},
{
"lessThan": "21.0.0.2",
"status": "affected",
"version": "21.0.0",
"versionType": "custom"
},
{
"lessThan": "17.5.1.6",
"status": "affected",
"version": "17.5.0",
"versionType": "custom"
},
{
"lessThan": "17.1.3.2",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
},
{
"lessThan": "*",
"status": "affected",
"version": "16.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BIG-IQ",
"vendor": "F5",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "8.4.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5"
}
],
"datePublic": "2026-05-13T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands\u003c/span\u003e.\u0026nbsp; \u0026nbsp; \u0026nbsp;Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\u003cbr\u003e"
}
],
"value": "A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands.\u00a0 \u00a0 \u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Appliance Mode"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T14:12:41.288Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://my.f5.com/manage/s/article/K000160971"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "BIG-IP and BIG-IQ privilege escalation vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2026-42406",
"datePublished": "2026-05-13T14:12:41.288Z",
"dateReserved": "2026-04-30T23:04:20.038Z",
"dateUpdated": "2026-05-14T03:56:11.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6816 (GCVE-0-2026-6816)
Vulnerability from cvelistv5 – Published: 2026-05-28 22:50 – Updated: 2026-05-29 18:33
VLAI
Title
TFA Basic Plugins - Access Bypass
Summary
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users.
This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2.
Severity
CWE
- CWE-267 - Privilege Defined With Unsafe Actions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.herodevs.com/vulnerability-directory/… | third-party-advisory |
| https://d7es.tag1.com/security-advisories/tfa-bas… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Drupal | TFA Basic Plugins |
Affected:
7.x-1.0 , ≤ 7.x-1.2
(custom)
|
Date Public
2025-08-25 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6816",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T18:33:12.747287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T18:33:20.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.herodevs.com/vulnerability-directory/cve-2026-6816?nes-for-drupal-7"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/tfa_basic",
"defaultStatus": "unknown",
"product": "TFA Basic Plugins",
"repo": "https://git.drupalcode.org/project/tfa_basic",
"vendor": "Drupal",
"versions": [
{
"lessThanOrEqual": "7.x-1.2",
"status": "affected",
"version": "7.x-1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-08-25T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users.\u003cbr\u003e\u003cp\u003eThis issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2.\u003c/p\u003e"
}
],
"value": "An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users.\n\n\nThis issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T22:50:49.419Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"name": "Drupal security advisory SA-CONTRIB-2025-085",
"tags": [
"third-party-advisory"
],
"url": "https://www.herodevs.com/vulnerability-directory/cve-2026-6816"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://d7es.tag1.com/security-advisories/tfa-basic-plugins-less-critical-access-bypass-sa-contrib-2025-085"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TFA Basic Plugins - Access Bypass",
"x_generator": {
"engine": "Vulnogram 0.5.0",
"note": "Draft record revised for CVE-2026-6816 as a standalone TFA Basic Plugins CVE based on Drupal.org issue #3577095."
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2026-6816",
"datePublished": "2026-05-28T22:50:49.419Z",
"dateReserved": "2026-04-21T19:10:28.105Z",
"dateUpdated": "2026-05-29T18:33:20.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9560 (GCVE-0-2026-9560)
Vulnerability from cvelistv5 – Published: 2026-05-26 17:39 – Updated: 2026-05-27 03:55
VLAI
Summary
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel
Severity
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://openvpn.net/connect-docs/macos-release-no… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OpenVPN Inc | OpenVPN Connect |
Affected:
3.5.1 , ≤ 3.8.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T03:55:51.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "OpenVPN Connect",
"vendor": "OpenVPN Inc",
"versions": [
{
"lessThanOrEqual": "3.8.1",
"status": "affected",
"version": "3.5.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege defined with unsafe actions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-270",
"description": "CWE-270 Privilege context switching error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648 Incorrect use of privileged APIs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T17:43:52.291Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://openvpn.net/connect-docs/macos-release-notes.html"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2026-9560",
"datePublished": "2026-05-26T17:39:57.378Z",
"dateReserved": "2026-05-26T10:31:38.473Z",
"dateUpdated": "2026-05-27T03:55:51.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-17
Phases: Architecture and Design, Operation
Strategy: Environment Hardening
Description:
- Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.
CAPEC-634: Probe Audio and Video Peripherals
The adversary exploits the target system's audio and video functionalities through malware or scheduled tasks. The goal is to capture sensitive information about the target for financial, personal, political, or other gains which is accomplished by collecting communication data between two parties via the use of peripheral devices (e.g. microphones and webcams) or applications with audio and video capabilities (e.g. Skype) on a system.
CAPEC-637: Collect Data from Clipboard
The adversary exploits an application that allows for the copying of sensitive data or information by collecting information copied to the clipboard. Data copied to the clipboard can be accessed by other applications, such as malware built to exfiltrate or log clipboard contents on a periodic basis. In this way, the adversary aims to garner information to which they are unauthorized.
CAPEC-643: Identify Shared Files/Directories on System
An adversary discovers connections between systems by exploiting the target system's standard practice of revealing them in searchable, common areas. Through the identification of shared folders/drives between systems, the adversary may further their goals of locating and collecting sensitive information/files, or map potential routes for lateral movement within the network.
CAPEC-648: Collect Data from Screen Capture
An adversary gathers sensitive information by exploiting the system's screen capture functionality. Through screenshots, the adversary aims to see what happens on the screen over the course of an operation. The adversary can leverage information gathered in order to carry out further attacks.