CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5455 vulnerabilities reference this CWE, most recent first.
GHSA-3H83-C8W5-CCCX
Vulnerability from github – Published: 2026-07-17 03:31 – Updated: 2026-07-17 03:31The Bricksforge plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.1.8.6. This is due to improper validation of the fieldIds parameter in the Pro Forms registration action, which allows attacker-supplied field IDs to be added to the trusted form-field whitelist. This makes it possible for unauthenticated attackers to register a new administrator account by submitting a crafted request to a publicly accessible Bricksforge Pro Forms registration form. Successful exploitation requires that the site has a public Bricksforge Pro Forms element configured with the User Registration action.
{
"affected": [],
"aliases": [
"CVE-2026-14956"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-17T02:18:03Z",
"severity": "CRITICAL"
},
"details": "The Bricksforge plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.1.8.6. This is due to improper validation of the fieldIds parameter in the Pro Forms registration action, which allows attacker-supplied field IDs to be added to the trusted form-field whitelist. This makes it possible for unauthenticated attackers to register a new administrator account by submitting a crafted request to a publicly accessible Bricksforge Pro Forms registration form. Successful exploitation requires that the site has a public Bricksforge Pro Forms element configured with the User Registration action.",
"id": "GHSA-3h83-c8w5-cccx",
"modified": "2026-07-17T03:31:19Z",
"published": "2026-07-17T03:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14956"
},
{
"type": "WEB",
"url": "https://bricksforge.io/version-changelog"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0538778-5ba4-4bec-a89d-ef90a9ba8375?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3H94-X92G-H9G5
Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35Missing Authorization in the server management routes (routes/admin.php) in Azuriom Azuriom CMS before 1.2.11 on all platforms allows an authenticated attacker with the admin.access permission to create AzLink server tokens and take over non-admin user accounts by changing their passwords and email addresses via crafted HTTP requests to /admin/servers/create and the AzLink API endpoints (/api/azlink/password, /api/azlink/email, /api/azlink/user/{id}).
{
"affected": [],
"aliases": [
"CVE-2026-54415"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-17T15:17:00Z",
"severity": "HIGH"
},
"details": "Missing Authorization in the server management routes (routes/admin.php) in Azuriom Azuriom CMS before 1.2.11 on all platforms allows an authenticated attacker with the admin.access permission to create AzLink server tokens and take over non-admin user accounts by changing their passwords and email addresses via crafted HTTP requests to /admin/servers/create and the AzLink API endpoints (/api/azlink/password, /api/azlink/email, /api/azlink/user/{id}).",
"id": "GHSA-3h94-x92g-h9g5",
"modified": "2026-06-17T18:35:56Z",
"published": "2026-06-17T18:35:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54415"
},
{
"type": "WEB",
"url": "https://github.com/Azuriom/Azuriom/commit/4b744bc0dd11f205f5aa053c6db8a949d3f0608e"
},
{
"type": "WEB",
"url": "https://github.com/Azuriom/Azuriom"
},
{
"type": "WEB",
"url": "https://github.com/Azuriom/Azuriom/releases/tag/v1.2.11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3HCH-V2C4-GM8H
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2023-12-29 00:30Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34460, CVE-2021-34510, CVE-2021-34512, CVE-2021-34513.
{
"affected": [],
"aliases": [
"CVE-2021-33751"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-14T18:15:00Z",
"severity": "HIGH"
},
"details": "Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34460, CVE-2021-34510, CVE-2021-34512, CVE-2021-34513.",
"id": "GHSA-3hch-v2c4-gm8h",
"modified": "2023-12-29T00:30:27Z",
"published": "2022-05-24T19:07:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33751"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33751"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-824"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3HH5-H95J-2CW7
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-05-24 17:26In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker
{
"affected": [],
"aliases": [
"CVE-2020-8623"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-21T21:15:00Z",
"severity": "MODERATE"
},
"details": "In BIND 9.10.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.10.5-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \"--enable-native-pkcs11\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker",
"id": "GHSA-3hh5-h95j-2cw7",
"modified": "2022-05-24T17:26:23Z",
"published": "2022-05-24T17:26:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8623"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2020-8623"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202008-19"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200827-0003"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4468-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4752"
},
{
"type": "WEB",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3HQJ-7V65-62FJ
Vulnerability from github – Published: 2024-06-21 21:33 – Updated: 2024-06-21 21:33When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.
{
"affected": [],
"aliases": [
"CVE-2020-27352"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-21T20:15:10Z",
"severity": "CRITICAL"
},
"details": "When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.",
"id": "GHSA-3hqj-7v65-62fj",
"modified": "2024-06-21T21:33:58Z",
"published": "2024-06-21T21:33:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27352"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/snapd/+bug/1910456"
},
{
"type": "WEB",
"url": "https://ubuntu.com/security/notices/USN-4728-1"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27352"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3HR7-2GJF-R4MJ
Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2022-05-24 17:19An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020).
{
"affected": [],
"aliases": [
"CVE-2020-13841"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-05T00:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020).",
"id": "GHSA-3hr7-2gjf-r4mj",
"modified": "2022-05-24T17:19:26Z",
"published": "2022-05-24T17:19:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13841"
},
{
"type": "WEB",
"url": "https://lgsecurity.lge.com"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3HRJ-C558-9FJQ
Vulnerability from github – Published: 2022-06-25 00:00 – Updated: 2026-07-05 03:30A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows authenticated non-administrative user to escalate their privilege and conduct code execution as a SYSTEM privilege.
{
"affected": [],
"aliases": [
"CVE-2020-21046"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-24T16:15:00Z",
"severity": "HIGH"
},
"details": "A local privilege escalation vulnerability was identified within the \"luminati_net_updater_win_eagleget_com\" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows authenticated non-administrative user to escalate their privilege and conduct code execution as a SYSTEM privilege.",
"id": "GHSA-3hrj-c558-9fjq",
"modified": "2026-07-05T03:30:49Z",
"published": "2022-06-25T00:00:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21046"
},
{
"type": "WEB",
"url": "https://medium.com/%40n1pwn/local-privilege-escalation-in-eagleget-1fde79fe47c0"
},
{
"type": "WEB",
"url": "https://medium.com/@n1pwn/local-privilege-escalation-in-eagleget-1fde79fe47c0"
},
{
"type": "WEB",
"url": "http://eagleget.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3HW7-QJ9H-R835
Vulnerability from github – Published: 2025-05-19 19:15 – Updated: 2026-02-06 18:56A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed.
Am I Vulnerable?
This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters.
Affected Components
gardener/gardener
Affected Versions
- < v1.116.4
- < v1.117.5
- < v1.118.2
- < v1.119.0
Fixed Versions
- >= v1.116.4
- >= v1.117.5
- >= v1.118.2
- >= v1.119.0
How do I mitigate this vulnerability?
Update to a fixed version.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/gardener/gardener"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.116.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/gardener/gardener"
},
"ranges": [
{
"events": [
{
"introduced": "1.117.0"
},
{
"fixed": "1.117.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/gardener/gardener"
},
"ranges": [
{
"events": [
{
"introduced": "1.118.0"
},
{
"fixed": "1.118.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-47283"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-269"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-19T19:15:03Z",
"nvd_published_at": "2025-05-19T19:15:51Z",
"severity": "CRITICAL"
},
"details": "A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed.\n\n### Am I Vulnerable?\n\nThis CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters.\n\n### Affected Components\n\n- `gardener/gardener`\n\n### Affected Versions\n\n- \u003c v1.116.4\n- \u003c v1.117.5\n- \u003c v1.118.2\n- \u003c v1.119.0\n\n### Fixed Versions\n\n- \u0026gt;= v1.116.4\n- \u0026gt;= v1.117.5\n- \u0026gt;= v1.118.2\n- \u0026gt;= v1.119.0\n\n### How do I mitigate this vulnerability?\n\nUpdate to a fixed version.",
"id": "GHSA-3hw7-qj9h-r835",
"modified": "2026-02-06T18:56:41Z",
"published": "2025-05-19T19:15:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/gardener/gardener/security/advisories/GHSA-3hw7-qj9h-r835"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47283"
},
{
"type": "WEB",
"url": "https://github.com/gardener/gardener/commit/924b1575aae052bcda5a51fac8594d38fa3c41b0"
},
{
"type": "WEB",
"url": "https://github.com/gardener/gardener/commit/b89cf2cd5067e82f364063d5241af73650a6e11d"
},
{
"type": "WEB",
"url": "https://github.com/gardener/gardener/commit/bbd19b1dd3a31843d7b820172d37f75298dfaf8b"
},
{
"type": "WEB",
"url": "https://github.com/gardener/gardener/commit/cf4e9887d83902216b85609caf563f7a9dd2de00"
},
{
"type": "PACKAGE",
"url": "https://github.com/gardener/gardener"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Gardener allows bypassing project secret validation which can lead to privilege escalation"
}
GHSA-3J4J-7Q69-WJ53
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.
{
"affected": [],
"aliases": [
"CVE-2017-14312"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-11T22:29:00Z",
"severity": "HIGH"
},
"details": "Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.",
"id": "GHSA-3j4j-7q69-wj53",
"modified": "2022-05-13T01:43:21Z",
"published": "2022-05-13T01:43:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14312"
},
{
"type": "WEB",
"url": "https://github.com/NagiosEnterprises/nagioscore/issues/424"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201812-03"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100881"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3J4M-48VR-7W3H
Vulnerability from github – Published: 2022-06-08 00:00 – Updated: 2022-06-12 00:00A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
{
"affected": [],
"aliases": [
"CVE-2020-36542"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-07T18:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.",
"id": "GHSA-3j4m-48vr-7w3h",
"modified": "2022-06-12T00:00:46Z",
"published": "2022-06-08T00:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36542"
},
{
"type": "WEB",
"url": "https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian"
},
{
"type": "WEB",
"url": "https://bitbucket.org/csalgadow/demokratian_votaciones/commits/0d073ee461edd5f42528d41e00bf0a7b22e86bb3"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.159435"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.