CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5455 vulnerabilities reference this CWE, most recent first.
GHSA-34H5-8GF3-X5Q5
Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-05-13 01:48LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.
{
"affected": [],
"aliases": [
"CVE-2018-1000648"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-20T19:31:00Z",
"severity": "HIGH"
},
"details": "LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.",
"id": "GHSA-34h5-8gf3-x5q5",
"modified": "2022-05-13T01:48:39Z",
"published": "2022-05-13T01:48:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000648"
},
{
"type": "WEB",
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1213"
},
{
"type": "WEB",
"url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-34MM-3FGQ-QJXQ
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
{
"affected": [],
"aliases": [
"CVE-2018-16888"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-14T22:29:00Z",
"severity": "MODERATE"
},
"details": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.",
"id": "GHSA-34mm-3fgq-qjxq",
"modified": "2022-05-13T01:04:10Z",
"published": "2022-05-13T01:04:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16888"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190307-0007"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4269-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-34MQ-9XHJ-J4RJ
Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A local attacker may be able to elevate their privileges.
{
"affected": [],
"aliases": [
"CVE-2021-1853"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-08T15:15:00Z",
"severity": "HIGH"
},
"details": "A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A local attacker may be able to elevate their privileges.",
"id": "GHSA-34mq-9xhj-j4rj",
"modified": "2022-05-24T19:13:34Z",
"published": "2022-05-24T19:13:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1853"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212325"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-34P4-7W83-35G2
Vulnerability from github – Published: 2026-02-19 20:31 – Updated: 2026-02-23 22:27Summary
The application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has sufficient privileges to assign highly privileged roles such as admin. As a result, an authenticated user with the editor role can create a new account with administrative privileges, leading to full administrative access and complete compromise of the CMS.
Impact
Successful exploitation allows an attacker to:
- Gain full administrative control over the CMS.
- Access all site data and user information.
- Modify system configuration and security settings.
- Create, modify, or delete any user account, including legitimate administrators.
Patches
Formwork 2.3.4 properly assigns roles on user creation.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.3.3"
},
"package": {
"ecosystem": "Packagist",
"name": "getformwork/formwork"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-27198"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-19T20:31:07Z",
"nvd_published_at": "2026-02-21T06:17:00Z",
"severity": "HIGH"
},
"details": "### Summary\n\nThe application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has sufficient privileges to assign highly privileged roles such as admin. As a result, an authenticated user with the editor role can create a new account with administrative privileges, leading to full administrative access and complete compromise of the CMS.\n\n### Impact\n\nSuccessful exploitation allows an attacker to:\n- Gain full administrative control over the CMS.\n- Access all site data and user information. \n- Modify system configuration and security settings.\n- Create, modify, or delete any user account, including legitimate administrators.\n\n### Patches\n\n[Formwork 2.3.4](https://github.com/getformwork/formwork/releases/tag/2.3.4) properly assigns roles on user creation.",
"id": "GHSA-34p4-7w83-35g2",
"modified": "2026-02-23T22:27:29Z",
"published": "2026-02-19T20:31:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/getformwork/formwork/security/advisories/GHSA-34p4-7w83-35g2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27198"
},
{
"type": "WEB",
"url": "https://github.com/getformwork/formwork/commit/19390a0b408e084bdef86f3581e050f3ee51e7cd"
},
{
"type": "PACKAGE",
"url": "https://github.com/getformwork/formwork"
},
{
"type": "WEB",
"url": "https://github.com/getformwork/formwork/releases/tag/2.3.4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Formwork Improperly Managed Privileges in User creation"
}
GHSA-34Q8-J2CH-PP33
Vulnerability from github – Published: 2025-11-11 06:30 – Updated: 2026-04-08 18:33The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles during registration. This makes it possible for unauthenticated attackers to gain administrator-level access to a vulnerable site.
{
"affected": [],
"aliases": [
"CVE-2025-11457"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T04:15:41Z",
"severity": "CRITICAL"
},
"details": "The EasyCommerce \u2013 AI-Powered, Fast \u0026 Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles during registration. This makes it possible for unauthenticated attackers to gain administrator-level access to a vulnerable site.",
"id": "GHSA-34q8-j2ch-pp33",
"modified": "2026-04-08T18:33:58Z",
"published": "2025-11-11T06:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11457"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3392029/easycommerce/trunk/app/Abstracts/User.php"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/easycommerce"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ebe84ba-abc1-410c-b315-118746ff235a?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-34QP-H26W-RH76
Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2024-01-04 03:30An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2020-1511"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-17T19:15:00Z",
"severity": "MODERATE"
},
"details": "An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka \u0027Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability\u0027.",
"id": "GHSA-34qp-h26w-rh76",
"modified": "2024-01-04T03:30:34Z",
"published": "2022-05-24T17:25:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1511"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1511"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-34RP-625W-J33P
Vulnerability from github – Published: 2022-01-05 00:00 – Updated: 2022-07-13 00:01StarWind SAN & NAS build 1578 and StarWind Command Center Build 6864 Update Manager allows authentication with JTW token which is signed with any key. An attacker could use self-signed JTW token to bypass authentication resulting in escalation of privileges.
{
"affected": [],
"aliases": [
"CVE-2021-45389"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-04T16:15:00Z",
"severity": "CRITICAL"
},
"details": "StarWind SAN \u0026 NAS build 1578 and StarWind Command Center Build 6864 Update Manager allows authentication with JTW token which is signed with any key. An attacker could use self-signed JTW token to bypass authentication resulting in escalation of privileges.",
"id": "GHSA-34rp-625w-j33p",
"modified": "2022-07-13T00:01:50Z",
"published": "2022-01-05T00:00:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45389"
},
{
"type": "WEB",
"url": "https://www.starwindsoftware.com/security/sw-20211215-0001"
},
{
"type": "WEB",
"url": "https://www.starwindsoftware.com/security/sw-20211512-0001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-355P-V284-V3XP
Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-05-24 17:25Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0.
{
"affected": [],
"aliases": [
"CVE-2020-13365"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-06T17:15:00Z",
"severity": "HIGH"
},
"details": "Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0.",
"id": "GHSA-355p-v284-v3xp",
"modified": "2022-05-24T17:25:00Z",
"published": "2022-05-24T17:25:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13365"
},
{
"type": "WEB",
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-NAS-remote-access-vulnerability.shtml"
},
{
"type": "WEB",
"url": "https://www.zyxel.com/us/en/support/security_advisories.shtml"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-355W-35C4-FWH9
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).
{
"affected": [],
"aliases": [
"CVE-2021-27448"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-25T20:15:00Z",
"severity": "HIGH"
},
"details": "A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).",
"id": "GHSA-355w-35c4-fwh9",
"modified": "2022-05-24T17:45:25Z",
"published": "2022-05-24T17:45:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27448"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3587-G6J7-969G
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.
{
"affected": [],
"aliases": [
"CVE-2012-3993"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-10-10T17:55:00Z",
"severity": "HIGH"
},
"details": "The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an \"XrayWrapper pollution\" issue.",
"id": "GHSA-3587-g6j7-969g",
"modified": "2022-05-13T01:23:40Z",
"published": "2022-05-13T01:23:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3993"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=768101"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79153"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16718"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/86111"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/50856"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/50892"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/50904"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/50935"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/50936"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/50984"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/55318"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-83.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/56119"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1611-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.