CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5455 vulnerabilities reference this CWE, most recent first.
GHSA-2WPW-3V5G-3WFF
Vulnerability from github – Published: 2025-06-11 00:30 – Updated: 2025-06-11 15:30A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack.
Users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following:
- Strict validation on Role Type hierarchy: the caller's role must be equal to or higher than the target user's role.
- API privilege comparison: the caller must possess all privileges of the user they are operating on.
- Two new domain-level settings (restricted to the default admin): - role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: "Admin, DomainAdmin, ResourceAdmin". - allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true.
{
"affected": [],
"aliases": [
"CVE-2025-47849"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-10T23:15:58Z",
"severity": "HIGH"
},
"details": "A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack.\n\nUsers are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following:\n\n\n * Strict validation on Role Type hierarchy: the caller\u0027s role must be equal to or higher than the target user\u0027s role.\u00a0\n * API privilege comparison: the caller must possess all privileges of the user they are operating on.\u00a0\n * Two new domain-level settings (restricted to the default admin):\u00a0\n\u2003- role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: \"Admin, DomainAdmin, ResourceAdmin\".\u00a0\n\u2003- allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true.",
"id": "GHSA-2wpw-3v5g-3wff",
"modified": "2025-06-11T15:30:28Z",
"published": "2025-06-11T00:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47849"
},
{
"type": "WEB",
"url": "https://cloudstack.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/y3qnwn59t8qggtdohv7k7vw39bgb3d60"
},
{
"type": "WEB",
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-19-3-0-and-4-20-1-0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2WW6-GH4G-5Q93
Vulnerability from github – Published: 2022-08-25 00:00 – Updated: 2022-08-29 20:06This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges.
{
"affected": [],
"aliases": [
"CVE-2022-32840"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-24T20:15:00Z",
"severity": "HIGH"
},
"details": "This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges.",
"id": "GHSA-2ww6-gh4g-5q93",
"modified": "2022-08-29T20:06:49Z",
"published": "2022-08-25T00:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32840"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213340"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213345"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213346"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2X2G-32R7-P4X8
Vulnerability from github – Published: 2024-11-19 09:30 – Updated: 2025-02-18 21:00Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients.
Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations which include the ability to read from disk or environment variables. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.
In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments, including SaaS products. This issue affects Apache Kafka Clients: from from 2.3.0 through 3.5.2, 3.6.0 through 3.6.2, and 3.7.0.
Users with affected applications are recommended to upgrade kafka-clients to version >=3.8.0, and set the JVM system property "org.apache.kafka.automatic.config.providers=none". Users of Kafka Connect with one of the listed ConfigProvider implementations specified in their worker config are also recommended to add appropriate "allowlist.pattern" and "allowed.paths" to restrict their operation to appropriate bounds.
For users of Kafka Clients or Kafka Connect in environments that trust users with disk and environment variable access, it is not recommended to set the system property. For users of the Kafka Broker, Kafka MirrorMaker 2.0, Kafka Streams, and Kafka command-line tools, it is not recommended to set the system property.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.kafka:kafka-clients"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "3.7.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-31141"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": true,
"github_reviewed_at": "2024-11-19T18:02:57Z",
"nvd_published_at": "2024-11-19T09:15:03Z",
"severity": "MODERATE"
},
"details": "Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients.\n\nApache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations which include the ability to read from disk or environment variables.\nIn applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.\n\nIn particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments, including SaaS products.\nThis issue affects Apache Kafka Clients: from from 2.3.0 through 3.5.2, 3.6.0 through 3.6.2, and 3.7.0.\n\n\nUsers with affected applications are recommended to upgrade kafka-clients to version \u003e=3.8.0, and set the JVM system property \"org.apache.kafka.automatic.config.providers=none\".\nUsers of Kafka Connect with one of the listed ConfigProvider implementations specified in their worker config are also recommended to add appropriate \"allowlist.pattern\" and \"allowed.paths\" to restrict their operation to appropriate bounds.\n\n\nFor users of Kafka Clients or Kafka Connect in environments that trust users with disk and environment variable access, it is not recommended to set the system property.\nFor users of the Kafka Broker, Kafka MirrorMaker 2.0, Kafka Streams, and Kafka command-line tools, it is not recommended to set the system property.",
"id": "GHSA-2x2g-32r7-p4x8",
"modified": "2025-02-18T21:00:05Z",
"published": "2024-11-19T09:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31141"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/kafka"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250131-0001"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/11/18/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider"
}
GHSA-2X4M-H7P8-49CX
Vulnerability from github – Published: 2025-09-17 00:31 – Updated: 2025-09-17 00:31A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on the underlying operating system.
{
"affected": [],
"aliases": [
"CVE-2025-37123"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T23:15:31Z",
"severity": "HIGH"
},
"details": "A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on the underlying operating system.",
"id": "GHSA-2x4m-h7p8-49cx",
"modified": "2025-09-17T00:31:11Z",
"published": "2025-09-17T00:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37123"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us\u0026docLocale=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2X5V-F8WH-JPF6
Vulnerability from github – Published: 2022-05-24 17:11 – Updated: 2022-05-24 17:11grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_ or write_) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS.
{
"affected": [],
"aliases": [
"CVE-2020-10565"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-14T01:15:00Z",
"severity": "HIGH"
},
"details": "grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS.",
"id": "GHSA-2x5v-f8wh-jpf6",
"modified": "2022-05-24T17:11:30Z",
"published": "2022-05-24T17:11:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10565"
},
{
"type": "WEB",
"url": "https://svnweb.freebsd.org/ports?view=revision\u0026revision=525916"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2X8R-WP6Q-WHXR
Vulnerability from github – Published: 2023-07-04 00:31 – Updated: 2024-04-04 05:21NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.
{
"affected": [],
"aliases": [
"CVE-2023-25521"
],
"database_specific": {
"cwe_ids": [
"CWE-250",
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-04T00:15:09Z",
"severity": "HIGH"
},
"details": "\n\n\n\n\nNVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.\n\n\n\n\n\n",
"id": "GHSA-2x8r-wp6q-whxr",
"modified": "2024-04-04T05:21:08Z",
"published": "2023-07-04T00:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25521"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5461"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2XHW-38F9-VPRC
Vulnerability from github – Published: 2022-05-24 17:11 – Updated: 2022-05-24 17:11An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0788, CVE-2020-0887.
{
"affected": [],
"aliases": [
"CVE-2020-0877"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-12T16:15:00Z",
"severity": "HIGH"
},
"details": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0788, CVE-2020-0887.",
"id": "GHSA-2xhw-38f9-vprc",
"modified": "2022-05-24T17:11:02Z",
"published": "2022-05-24T17:11:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0877"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0877"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2XPH-W2R8-F9PW
Vulnerability from github – Published: 2023-07-06 03:30 – Updated: 2024-04-04 05:24Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function.
{
"affected": [],
"aliases": [
"CVE-2023-30642"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-06T03:15:09Z",
"severity": "MODERATE"
},
"details": "Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function.",
"id": "GHSA-2xph-w2r8-f9pw",
"modified": "2024-04-04T05:24:27Z",
"published": "2023-07-06T03:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30642"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=07"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2XVX-8CFF-QX52
Vulnerability from github – Published: 2022-12-12 15:30 – Updated: 2022-12-19 18:30A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-3919"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-12T13:15:00Z",
"severity": "CRITICAL"
},
"details": "A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability.",
"id": "GHSA-2xvx-8cff-qx52",
"modified": "2022-12-19T18:30:25Z",
"published": "2022-12-12T15:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3919"
},
{
"type": "WEB",
"url": "https://support.hp.com/us-en/document/ish_5481136-5481162-16/hpsbgn03761"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3225-53WC-82W5
Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-05-24 17:25Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an authenticated user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2020-8736"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-13T03:15:00Z",
"severity": "MODERATE"
},
"details": "Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GHSA-3225-53wc-82w5",
"modified": "2022-05-24T17:25:41Z",
"published": "2022-05-24T17:25:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8736"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00387.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.