Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5455 vulnerabilities reference this CWE, most recent first.

GHSA-34H5-8GF3-X5Q5

Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-05-13 01:48
VLAI
Details

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1000648"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-20T19:31:00Z",
    "severity": "HIGH"
  },
  "details": "LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.",
  "id": "GHSA-34h5-8gf3-x5q5",
  "modified": "2022-05-13T01:48:39Z",
  "published": "2022-05-13T01:48:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000648"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibreHealthIO/lh-ehr/issues/1213"
    },
    {
      "type": "WEB",
      "url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-34MM-3FGQ-QJXQ

Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04
VLAI
Details

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16888"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-14T22:29:00Z",
    "severity": "MODERATE"
  },
  "details": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.",
  "id": "GHSA-34mm-3fgq-qjxq",
  "modified": "2022-05-13T01:04:10Z",
  "published": "2022-05-13T01:04:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16888"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2091"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190307-0007"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4269-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-34MQ-9XHJ-J4RJ

Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13
VLAI
Details

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A local attacker may be able to elevate their privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1853"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A local attacker may be able to elevate their privileges.",
  "id": "GHSA-34mq-9xhj-j4rj",
  "modified": "2022-05-24T19:13:34Z",
  "published": "2022-05-24T19:13:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1853"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212325"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-34P4-7W83-35G2

Vulnerability from github – Published: 2026-02-19 20:31 – Updated: 2026-02-23 22:27
VLAI
Summary
Formwork Improperly Managed Privileges in User creation
Details

Summary

The application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has sufficient privileges to assign highly privileged roles such as admin. As a result, an authenticated user with the editor role can create a new account with administrative privileges, leading to full administrative access and complete compromise of the CMS.

Impact

Successful exploitation allows an attacker to: - Gain full administrative control over the CMS. - Access all site data and user information.
- Modify system configuration and security settings. - Create, modify, or delete any user account, including legitimate administrators.

Patches

Formwork 2.3.4 properly assigns roles on user creation.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.3.3"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "getformwork/formwork"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27198"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-19T20:31:07Z",
    "nvd_published_at": "2026-02-21T06:17:00Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nThe application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has sufficient privileges to assign highly privileged roles such as admin. As a result, an authenticated user with the editor role can create a new account with administrative privileges, leading to full administrative access and complete compromise of the CMS.\n\n### Impact\n\nSuccessful exploitation allows an attacker to:\n- Gain full administrative control over the CMS.\n- Access all site data and user information.  \n- Modify system configuration and security settings.\n- Create, modify, or delete any user account, including legitimate administrators.\n\n### Patches\n\n[Formwork 2.3.4](https://github.com/getformwork/formwork/releases/tag/2.3.4)  properly assigns roles on user creation.",
  "id": "GHSA-34p4-7w83-35g2",
  "modified": "2026-02-23T22:27:29Z",
  "published": "2026-02-19T20:31:07Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/getformwork/formwork/security/advisories/GHSA-34p4-7w83-35g2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27198"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getformwork/formwork/commit/19390a0b408e084bdef86f3581e050f3ee51e7cd"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/getformwork/formwork"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getformwork/formwork/releases/tag/2.3.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Formwork Improperly Managed Privileges in User creation"
}

GHSA-34Q8-J2CH-PP33

Vulnerability from github – Published: 2025-11-11 06:30 – Updated: 2026-04-08 18:33
VLAI
Details

The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles during registration. This makes it possible for unauthenticated attackers to gain administrator-level access to a vulnerable site.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11457"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-11T04:15:41Z",
    "severity": "CRITICAL"
  },
  "details": "The EasyCommerce \u2013 AI-Powered, Fast \u0026 Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles during registration. This makes it possible for unauthenticated attackers to gain administrator-level access to a vulnerable site.",
  "id": "GHSA-34q8-j2ch-pp33",
  "modified": "2026-04-08T18:33:58Z",
  "published": "2025-11-11T06:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11457"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3392029/easycommerce/trunk/app/Abstracts/User.php"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/easycommerce"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ebe84ba-abc1-410c-b315-118746ff235a?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-34QP-H26W-RH76

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2024-01-04 03:30
VLAI
Details

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1511"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-17T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka \u0027Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability\u0027.",
  "id": "GHSA-34qp-h26w-rh76",
  "modified": "2024-01-04T03:30:34Z",
  "published": "2022-05-24T17:25:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1511"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1511"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-34RP-625W-J33P

Vulnerability from github – Published: 2022-01-05 00:00 – Updated: 2022-07-13 00:01
VLAI
Details

StarWind SAN & NAS build 1578 and StarWind Command Center Build 6864 Update Manager allows authentication with JTW token which is signed with any key. An attacker could use self-signed JTW token to bypass authentication resulting in escalation of privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-45389"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-04T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "StarWind SAN \u0026 NAS build 1578 and StarWind Command Center Build 6864 Update Manager allows authentication with JTW token which is signed with any key. An attacker could use self-signed JTW token to bypass authentication resulting in escalation of privileges.",
  "id": "GHSA-34rp-625w-j33p",
  "modified": "2022-07-13T00:01:50Z",
  "published": "2022-01-05T00:00:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45389"
    },
    {
      "type": "WEB",
      "url": "https://www.starwindsoftware.com/security/sw-20211215-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.starwindsoftware.com/security/sw-20211512-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-355P-V284-V3XP

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-05-24 17:25
VLAI
Details

Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-13365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-06T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0.",
  "id": "GHSA-355p-v284-v3xp",
  "modified": "2022-05-24T17:25:00Z",
  "published": "2022-05-24T17:25:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13365"
    },
    {
      "type": "WEB",
      "url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-NAS-remote-access-vulnerability.shtml"
    },
    {
      "type": "WEB",
      "url": "https://www.zyxel.com/us/en/support/security_advisories.shtml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-355W-35C4-FWH9

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45
VLAI
Details

A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27448"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-25T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).",
  "id": "GHSA-355w-35c4-fwh9",
  "modified": "2022-05-24T17:45:25Z",
  "published": "2022-05-24T17:45:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27448"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3587-G6J7-969G

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23
VLAI
Details

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-3993"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-10-10T17:55:00Z",
    "severity": "HIGH"
  },
  "details": "The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an \"XrayWrapper pollution\" issue.",
  "id": "GHSA-3587-g6j7-969g",
  "modified": "2022-05-13T01:23:40Z",
  "published": "2022-05-13T01:23:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3993"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=768101"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79153"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16718"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/86111"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/50856"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/50892"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/50904"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/50935"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/50936"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/50984"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/55318"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-83.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/56119"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1611-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.