Common Weakness Enumeration

CWE-842

Allowed

Placement of User into Incorrect Group

Abstraction: Base · Status: Incomplete

The product or the administrator places a user into an incorrect group.

17 vulnerabilities reference this CWE, most recent first.

GHSA-4MJM-GG3Q-674F

Vulnerability from github – Published: 2023-01-17 21:30 – Updated: 2025-11-03 21:30
VLAI
Details

A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3650"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-842"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-17T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.",
  "id": "GHSA-4mjm-gg3q-674f",
  "modified": "2025-11-03T21:30:46Z",
  "published": "2023-01-17T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3650"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OEVVWT5ZFLYCVZNDJTDX7R6RY2W7JHP5"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/oss-sec/2022/q4/41"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202312-10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4WJJ-JWC9-2X96

Vulnerability from github – Published: 2022-09-14 00:00 – Updated: 2025-06-05 21:58
VLAI
Summary
Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification
Details

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containers/podman/v4"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containers/podman/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-2989"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-842",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-15T03:23:59Z",
    "nvd_published_at": "2022-09-13T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
  "id": "GHSA-4wjj-jwc9-2x96",
  "modified": "2025-06-05T21:58:44Z",
  "published": "2022-09-14T00:00:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2989"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/podman/pull/15618"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/podman/pull/15677"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/podman/pull/15696"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2022:7822"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2022:8008"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2022:8431"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2989"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121445"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/containers/podman"
    },
    {
      "type": "WEB",
      "url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Podman\u0027s incorrect handling of the supplementary groups may lead to data disclosure, modification"
}

GHSA-86CP-4P5X-5MRM

Vulnerability from github – Published: 2024-10-08 21:31 – Updated: 2024-10-08 21:31
VLAI
Details

An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9412"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-842"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-08T20:15:05Z",
    "severity": "HIGH"
  },
  "details": "An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to.",
  "id": "GHSA-86cp-4p5x-5mrm",
  "modified": "2024-10-08T21:31:09Z",
  "published": "2024-10-08T21:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9412"
    },
    {
      "type": "WEB",
      "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201704.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FG3J-5W9G-HMG7

Vulnerability from github – Published: 2026-05-05 22:04 – Updated: 2026-05-05 22:04
VLAI
Summary
authd: Primary group ID is incorrectly set to value of UID
Details

authd 0.6.0 contains a bug which can lead to an incorrect primary group ID.

It affects users whose primary group ID (i.e. the GID in the user record) differs from their UID. There are two ways which can lead to this:

  1. The user was created with authd < 0.5.4 (released June 2025). Those users were created with UID != GID.

  2. The primary group of the user was modified manually with the authctl utility that is shipped with authd (authctl group set-gid).

Another condition is that some user information must have changed in the identity provider (else the user record is not updated upon login). If that is the case, the next time an affected user logs in, authd will set their primary group ID to their UID.

This could lead to local privileges escalation. Also, files and directories created by those users will be owned by that incorrect primary group, which may grant other local users access to those files which they shouldn't have.

Users who are affected by the issue can run this script to fix the primary group ID of all authd users and the file ownership of files in the home directory created with the incorrect GID:

authd_users=$(getent passwd --service authd | cut -d: -f1)
for user in $authd_users; do
    OLD_GID=$(id -g "$user")
    GID=$(getent group "$user" | cut -d: -f3)
    if [ -z "$GID" ]; then
        echo "Warning: could not determine GID for $user, skipping" >&2
        continue
    fi
    if [ "$OLD_GID" = "$GID" ]; then
        continue  # user not affected
    fi
    USER_HOME=$(getent passwd "$user" | cut -d: -f6)
    echo "Fixing $user: resetting GID from $OLD_GID to $GID"
    sudo authctl group set-gid "$user" "$OLD_GID"
    sudo authctl group set-gid "$user" "$GID"
    sudo chown -R --from=":$OLD_GID" ":$GID" "$USER_HOME"
done

After applying the fix, affected users must log out and log back in for id, groups, and new file GID stamping to reflect the corrected primary group. You may also optionally terminate a user's active session with:

sudo loginctl terminate-user "$user"

If the users also own files outside their home directory, the ownership of those files might have to be updated as well.

Fixed by: https://github.com/canonical/authd/commit/154b428305cb1a7a19c897626fefd09d6dde8b9f

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/canonical/authd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.6.0"
            },
            {
              "fixed": "0.6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-6970"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-842"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-05T22:04:07Z",
    "nvd_published_at": "2026-04-27T16:16:46Z",
    "severity": "HIGH"
  },
  "details": "authd 0.6.0 contains [a bug](https://github.com/canonical/authd/issues/1482) which can lead to an incorrect primary group ID.\n\nIt affects users whose primary group ID (i.e. the GID in the user record) differs from their UID. There are two ways which can lead to this:\n\n1. The user was created with authd \u003c 0.5.4 (released June 2025). Those users were created with UID != GID.\n\n2. The primary group of the user was modified manually with the authctl utility that is shipped with authd (`authctl group set-gid`).\n\nAnother condition is that some user information must have changed in the identity provider (else the user record is not updated upon login). If that is the case, the next time an affected user logs in, authd will set their primary group ID to their UID.\n\nThis could lead to local privileges escalation. Also, files and directories created by those users will be owned by that incorrect primary group, which may grant other local users access to those files which they shouldn\u0027t have.\n\nUsers who are affected by the issue can run this script to fix the primary group ID of all authd users and the file ownership of files in the home directory created with the incorrect GID:\n\n```bash\nauthd_users=$(getent passwd --service authd | cut -d: -f1)\nfor user in $authd_users; do\n    OLD_GID=$(id -g \"$user\")\n    GID=$(getent group \"$user\" | cut -d: -f3)\n    if [ -z \"$GID\" ]; then\n        echo \"Warning: could not determine GID for $user, skipping\" \u003e\u00262\n        continue\n    fi\n    if [ \"$OLD_GID\" = \"$GID\" ]; then\n        continue  # user not affected\n    fi\n    USER_HOME=$(getent passwd \"$user\" | cut -d: -f6)\n    echo \"Fixing $user: resetting GID from $OLD_GID to $GID\"\n    sudo authctl group set-gid \"$user\" \"$OLD_GID\"\n    sudo authctl group set-gid \"$user\" \"$GID\"\n    sudo chown -R --from=\":$OLD_GID\" \":$GID\" \"$USER_HOME\"\ndone\n```\n\nAfter applying the fix, affected users must log out and log back in for `id`, `groups`, and new file GID stamping to reflect the corrected primary group. You may also optionally terminate a user\u0027s active session with:\n\n```bash\nsudo loginctl terminate-user \"$user\"\n```\n\nIf the users also own files outside their home directory, the ownership of those files might have to be updated as well.\n\nFixed by: https://github.com/canonical/authd/commit/154b428305cb1a7a19c897626fefd09d6dde8b9f",
  "id": "GHSA-fg3j-5w9g-hmg7",
  "modified": "2026-05-05T22:04:07Z",
  "published": "2026-05-05T22:04:07Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/canonical/authd/security/advisories/GHSA-fg3j-5w9g-hmg7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6970"
    },
    {
      "type": "WEB",
      "url": "https://github.com/canonical/authd/commit/154b428305cb1a7a19c897626fefd09d6dde8b9f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/canonical/authd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "authd: Primary group ID is incorrectly set to value of UID "
}

GHSA-FJM8-M7M6-2FJP

Vulnerability from github – Published: 2022-09-14 00:00 – Updated: 2022-09-16 21:39
VLAI
Summary
Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification
Details

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containers/buildah"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.27.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-2990"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-842",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-15T03:24:17Z",
    "nvd_published_at": "2022-09-13T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
  "id": "GHSA-fjm8-m7m6-2fjp",
  "modified": "2022-09-16T21:39:13Z",
  "published": "2022-09-14T00:00:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2990"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/buildah/pull/4200"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/buildah/commit/4a8bf740e862f2438279c6feee2ea59ddf0cda0b"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2990"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121453"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/containers/buildah"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-1008"
    },
    {
      "type": "WEB",
      "url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Buildah\u0027s incorrect handling of the supplementary groups may lead to data disclosure, modification"
}

GHSA-VH68-CV68-MVFR

Vulnerability from github – Published: 2023-02-01 06:30 – Updated: 2023-02-08 15:30
VLAI
Details

Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276",
      "CWE-842"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-01T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.",
  "id": "GHSA-vh68-cv68-mvfr",
  "modified": "2023-02-08T15:30:32Z",
  "published": "2023-02-01T06:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45097"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VR2X-7687-H6QV

Vulnerability from github – Published: 2023-02-28 23:25 – Updated: 2023-03-01 01:55
VLAI
Summary
api-platform/core's secured properties may be accessible within collections
Details

Impact

Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON, which is enabled by default when installing API Platform. Custom serialization formats may also be impacted. Only collection endpoints are affected by the issue, item endpoints are not. The JSON-LD format is not affected by the issue.

The result of the security rule is only executed for the first item of the collection. The result of the rule is then cached and reused for the next items. This bug can leak data to unauthorized users when the rule depends on the value of a property of the item. This bug can also hide properties that should be displayed to authorized users.

Patches

This issue impacts the 2.7, 3.0 and 3.1 branches. Upgrade to v2.7.10, v3.0.12 or v3.1.3.

Workarounds

Replace the cache_key of the context array of the Serializer inside a custom normalizer that works on objects if the security option of the ApiPlatform\Metadata\ApiProperty attribute is used.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "api-platform/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "api-platform/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "api-platform/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.7.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-25575"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-842",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-28T23:25:54Z",
    "nvd_published_at": "2023-02-28T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nResource properties secured with the `security` option of the `ApiPlatform\\Metadata\\ApiProperty` attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON, which is enabled by default when installing API Platform. Custom serialization formats may also be impacted. Only collection endpoints are affected by the issue, item endpoints are not. The JSON-LD format is not affected by the issue.\n\nThe result of the security rule is only executed for the first item of the collection. The result of the rule is then cached and reused for the next items. This bug can leak data to unauthorized users when the rule depends on the value of a property of the item. This bug can also hide properties that should be displayed to authorized users.\n\n### Patches\n\nThis issue impacts the 2.7, 3.0 and 3.1 branches. Upgrade to v2.7.10, v3.0.12 or v3.1.3.\n\n### Workarounds\n\nReplace the `cache_key` of the context array of the Serializer inside a custom normalizer that works on objects if the security option of the `ApiPlatform\\Metadata\\ApiProperty` attribute is used.",
  "id": "GHSA-vr2x-7687-h6qv",
  "modified": "2023-03-01T01:55:31Z",
  "published": "2023-02-28T23:25:54Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/api-platform/core/security/advisories/GHSA-vr2x-7687-h6qv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25575"
    },
    {
      "type": "WEB",
      "url": "https://github.com/api-platform/core/commit/5723d68369722feefeb11e42528d9580db5dd0fb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/api-platform/core/CVE-2023-25575.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/api-platform/core"
    },
    {
      "type": "WEB",
      "url": "https://github.com/api-platform/core/releases/tag/v2.7.10"
    },
    {
      "type": "WEB",
      "url": "https://github.com/api-platform/core/releases/tag/v3.0.12"
    },
    {
      "type": "WEB",
      "url": "https://github.com/api-platform/core/releases/tag/v3.1.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "api-platform/core\u0027s secured properties may be accessible within collections"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.