CWE-273
AllowedImproper Check for Dropped Privileges
Abstraction: Base · Status: Incomplete
The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
54 vulnerabilities reference this CWE, most recent first.
GHSA-984W-GCJ2-GR36
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:34AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.
{
"affected": [],
"aliases": [
"CVE-2017-6972"
],
"database_specific": {
"cwe_ids": [
"CWE-273"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-22T20:59:00Z",
"severity": "CRITICAL"
},
"details": "AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.",
"id": "GHSA-984w-gcj2-gr36",
"modified": "2025-04-20T03:34:36Z",
"published": "2022-05-13T01:46:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6972"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix"
},
{
"type": "WEB",
"url": "https://www.alienvault.com/forums/discussion/8698"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/42314"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97016"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C5GV-FCXR-PXG7
Vulnerability from github – Published: 2023-07-14 18:31 – Updated: 2024-04-04 06:08In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2023-35692"
],
"database_specific": {
"cwe_ids": [
"CWE-273"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-14T16:15:14Z",
"severity": "HIGH"
},
"details": "In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n",
"id": "GHSA-c5gv-fcxr-pxg7",
"modified": "2024-04-04T06:08:18Z",
"published": "2023-07-14T18:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35692"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2023-07-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CMPH-X6R4-4WHR
Vulnerability from github – Published: 2024-02-20 15:31 – Updated: 2025-03-25 18:30netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
New elements in this transaction might expired before such transaction ends. Skip sync GC for such elements otherwise commit path might walk over an already released object. Once transaction is finished, async GC will collect such expired element.
{
"affected": [],
"aliases": [
"CVE-2023-52433"
],
"database_specific": {
"cwe_ids": [
"CWE-273"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-20T13:15:08Z",
"severity": "MODERATE"
},
"details": "netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction\n\nNew elements in this transaction might expired before such transaction\nends. Skip sync GC for such elements otherwise commit path might walk\nover an already released object. Once transaction is finished, async GC\nwill collect such expired element.",
"id": "GHSA-cmph-x6r4-4whr",
"modified": "2025-03-25T18:30:25Z",
"published": "2024-02-20T15:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52433"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03caf75da1059f0460666c826e9f50e13dfd0017"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2ee52ae94baa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9a8c544158f68f656d1734eb5ba00c4f817b76b1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9af7dfb3c9d7985172a240f85e684c5cd33e29ce"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9db9feb841f7449772f9393c16b9ef4536d8c127"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c323ed65f66e5387ee0a73452118d49f1dae81b8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e3213ff99a35"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e3213ff99a355cda811b41e8dbb3472d13167a3a"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240828-0003"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FFW5-XWJF-F37R
Vulnerability from github – Published: 2023-10-05 03:31 – Updated: 2024-04-04 08:19An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a non-privileged user.
{
"affected": [],
"aliases": [
"CVE-2023-26239"
],
"database_specific": {
"cwe_ids": [
"CWE-273"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-05T01:15:10Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a non-privileged user.",
"id": "GHSA-ffw5-xwjf-f37r",
"modified": "2024-04-04T08:19:00Z",
"published": "2023-10-05T03:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26239"
},
{
"type": "WEB",
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00007"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G5W2-P7G6-9X7G
Vulnerability from github – Published: 2026-06-02 00:31 – Updated: 2026-06-02 00:31In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2026-0099"
],
"database_specific": {
"cwe_ids": [
"CWE-273"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T22:16:23Z",
"severity": "HIGH"
},
"details": "In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.",
"id": "GHSA-g5w2-p7g6-9x7g",
"modified": "2026-06-02T00:31:57Z",
"published": "2026-06-02T00:31:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0099"
},
{
"type": "WEB",
"url": "https://source.android.com/docs/security/bulletin/2026/2026-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G9M2-C2X5-FR2V
Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2023-08-01 23:39A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "3.7.0"
},
{
"fixed": "3.7.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "3.6.0"
},
{
"fixed": "3.6.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "3.5.0"
},
{
"fixed": "3.5.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-14879"
],
"database_specific": {
"cwe_ids": [
"CWE-273"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-01T23:39:36Z",
"nvd_published_at": "2020-01-07T17:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).",
"id": "GHSA-g9m2-c2x5-fr2v",
"modified": "2023-08-01T23:39:36Z",
"published": "2022-05-24T17:05:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14879"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/7b5f4a62c18fd5bad6956828aade23e1f15b4be3"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14879"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Moodle does not revoke role capabilities correctly"
}
GHSA-GP69-8V27-VCCW
Vulnerability from github – Published: 2022-04-22 00:24 – Updated: 2024-04-03 23:04ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.
{
"affected": [],
"aliases": [
"CVE-2011-2921"
],
"database_specific": {
"cwe_ids": [
"CWE-273"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-19T17:15:00Z",
"severity": "CRITICAL"
},
"details": "ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.",
"id": "GHSA-gp69-8v27-vccw",
"modified": "2024-04-03T23:04:58Z",
"published": "2022-04-22T00:24:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2921"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/cve-2011-2921"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2921"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/154307/ktsuss-Suid-Privilege-Escalation.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GWF9-995R-26HX
Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2023-01-09 18:30In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
{
"affected": [],
"aliases": [
"CVE-2019-20044"
],
"database_specific": {
"cwe_ids": [
"CWE-273"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-24T14:15:00Z",
"severity": "HIGH"
},
"details": "In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().",
"id": "GHSA-gwf9-995r-26hx",
"modified": "2023-01-09T18:30:21Z",
"published": "2022-05-24T17:09:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20044"
},
{
"type": "WEB",
"url": "https://github.com/XMB5/zsh-privileged-upgrade"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-55"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211168"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211170"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211171"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211175"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211168"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211170"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211171"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211175"
},
{
"type": "WEB",
"url": "https://www.zsh.org/mla/zsh-announce/141"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/May/49"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/May/53"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/May/55"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/May/59"
},
{
"type": "WEB",
"url": "http://zsh.sourceforge.net/releases.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H93J-297H-HCXM
Vulnerability from github – Published: 2022-04-23 00:40 – Updated: 2024-04-03 23:06Bitlbee does not drop extra group privileges correctly in unix.c
{
"affected": [],
"aliases": [
"CVE-2012-1187"
],
"database_specific": {
"cwe_ids": [
"CWE-273"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-29T19:15:00Z",
"severity": "CRITICAL"
},
"details": "Bitlbee does not drop extra group privileges correctly in unix.c",
"id": "GHSA-h93j-297h-hcxm",
"modified": "2024-04-03T23:06:49Z",
"published": "2022-04-23T00:40:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1187"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/cve-2012-1187"
},
{
"type": "WEB",
"url": "https://bugs.bitlbee.org/ticket/852"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1187"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HMVQ-6HJM-Q8HJ
Vulnerability from github – Published: 2022-05-14 03:07 – Updated: 2022-05-14 03:07libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2015-0278"
],
"database_specific": {
"cwe_ids": [
"CWE-273"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-05-18T15:59:00Z",
"severity": "HIGH"
},
"details": "libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.",
"id": "GHSA-hmvq-6hjm-q8hj",
"modified": "2022-05-14T03:07:29Z",
"published": "2022-05-14T03:07:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0278"
},
{
"type": "WEB",
"url": "https://github.com/libuv/libuv/pull/215"
},
{
"type": "WEB",
"url": "https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!msg/libuv/0JZxwLMtsMI/jraczskYWWQJ"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#%21msg/libuv/0JZxwLMtsMI/jraczskYWWQJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201611-10"
},
{
"type": "WEB",
"url": "http://advisories.mageia.org/MGASA-2015-0186.html"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:228"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-53
Check the results of all functions that return a value and verify that the value is expected.
Mitigation
In Windows, make sure that the process token has the SeImpersonatePrivilege(Microsoft Server 2003). Code that relies on impersonation for security must ensure that the impersonation succeeded, i.e., that a proper privilege demotion happened.
No CAPEC attack patterns related to this CWE.