CWE-842
AllowedPlacement of User into Incorrect Group
Abstraction: Base · Status: Incomplete
The product or the administrator places a user into an incorrect group.
17 vulnerabilities reference this CWE, most recent first.
GHSA-4MJM-GG3Q-674F
Vulnerability from github – Published: 2023-01-17 21:30 – Updated: 2025-11-03 21:30A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.
{
"affected": [],
"aliases": [
"CVE-2022-3650"
],
"database_specific": {
"cwe_ids": [
"CWE-842"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-17T19:15:00Z",
"severity": "HIGH"
},
"details": "A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.",
"id": "GHSA-4mjm-gg3q-674f",
"modified": "2025-11-03T21:30:46Z",
"published": "2023-01-17T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3650"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OEVVWT5ZFLYCVZNDJTDX7R6RY2W7JHP5"
},
{
"type": "WEB",
"url": "https://seclists.org/oss-sec/2022/q4/41"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202312-10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4WJJ-JWC9-2X96
Vulnerability from github – Published: 2022-09-14 00:00 – Updated: 2025-06-05 21:58An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/containers/podman/v4"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/containers/podman/v3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-2989"
],
"database_specific": {
"cwe_ids": [
"CWE-842",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-15T03:23:59Z",
"nvd_published_at": "2022-09-13T14:15:00Z",
"severity": "HIGH"
},
"details": "An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
"id": "GHSA-4wjj-jwc9-2x96",
"modified": "2025-06-05T21:58:44Z",
"published": "2022-09-14T00:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2989"
},
{
"type": "WEB",
"url": "https://github.com/containers/podman/pull/15618"
},
{
"type": "WEB",
"url": "https://github.com/containers/podman/pull/15677"
},
{
"type": "WEB",
"url": "https://github.com/containers/podman/pull/15696"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:7822"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:8008"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:8431"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-2989"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121445"
},
{
"type": "PACKAGE",
"url": "https://github.com/containers/podman"
},
{
"type": "WEB",
"url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Podman\u0027s incorrect handling of the supplementary groups may lead to data disclosure, modification"
}
GHSA-86CP-4P5X-5MRM
Vulnerability from github – Published: 2024-10-08 21:31 – Updated: 2024-10-08 21:31An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to.
{
"affected": [],
"aliases": [
"CVE-2024-9412"
],
"database_specific": {
"cwe_ids": [
"CWE-842"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-08T20:15:05Z",
"severity": "HIGH"
},
"details": "An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to.",
"id": "GHSA-86cp-4p5x-5mrm",
"modified": "2024-10-08T21:31:09Z",
"published": "2024-10-08T21:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9412"
},
{
"type": "WEB",
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201704.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-FG3J-5W9G-HMG7
Vulnerability from github – Published: 2026-05-05 22:04 – Updated: 2026-05-05 22:04authd 0.6.0 contains a bug which can lead to an incorrect primary group ID.
It affects users whose primary group ID (i.e. the GID in the user record) differs from their UID. There are two ways which can lead to this:
-
The user was created with authd < 0.5.4 (released June 2025). Those users were created with UID != GID.
-
The primary group of the user was modified manually with the authctl utility that is shipped with authd (
authctl group set-gid).
Another condition is that some user information must have changed in the identity provider (else the user record is not updated upon login). If that is the case, the next time an affected user logs in, authd will set their primary group ID to their UID.
This could lead to local privileges escalation. Also, files and directories created by those users will be owned by that incorrect primary group, which may grant other local users access to those files which they shouldn't have.
Users who are affected by the issue can run this script to fix the primary group ID of all authd users and the file ownership of files in the home directory created with the incorrect GID:
authd_users=$(getent passwd --service authd | cut -d: -f1)
for user in $authd_users; do
OLD_GID=$(id -g "$user")
GID=$(getent group "$user" | cut -d: -f3)
if [ -z "$GID" ]; then
echo "Warning: could not determine GID for $user, skipping" >&2
continue
fi
if [ "$OLD_GID" = "$GID" ]; then
continue # user not affected
fi
USER_HOME=$(getent passwd "$user" | cut -d: -f6)
echo "Fixing $user: resetting GID from $OLD_GID to $GID"
sudo authctl group set-gid "$user" "$OLD_GID"
sudo authctl group set-gid "$user" "$GID"
sudo chown -R --from=":$OLD_GID" ":$GID" "$USER_HOME"
done
After applying the fix, affected users must log out and log back in for id, groups, and new file GID stamping to reflect the corrected primary group. You may also optionally terminate a user's active session with:
sudo loginctl terminate-user "$user"
If the users also own files outside their home directory, the ownership of those files might have to be updated as well.
Fixed by: https://github.com/canonical/authd/commit/154b428305cb1a7a19c897626fefd09d6dde8b9f
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/canonical/authd"
},
"ranges": [
{
"events": [
{
"introduced": "0.6.0"
},
{
"fixed": "0.6.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-6970"
],
"database_specific": {
"cwe_ids": [
"CWE-842"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-05T22:04:07Z",
"nvd_published_at": "2026-04-27T16:16:46Z",
"severity": "HIGH"
},
"details": "authd 0.6.0 contains [a bug](https://github.com/canonical/authd/issues/1482) which can lead to an incorrect primary group ID.\n\nIt affects users whose primary group ID (i.e. the GID in the user record) differs from their UID. There are two ways which can lead to this:\n\n1. The user was created with authd \u003c 0.5.4 (released June 2025). Those users were created with UID != GID.\n\n2. The primary group of the user was modified manually with the authctl utility that is shipped with authd (`authctl group set-gid`).\n\nAnother condition is that some user information must have changed in the identity provider (else the user record is not updated upon login). If that is the case, the next time an affected user logs in, authd will set their primary group ID to their UID.\n\nThis could lead to local privileges escalation. Also, files and directories created by those users will be owned by that incorrect primary group, which may grant other local users access to those files which they shouldn\u0027t have.\n\nUsers who are affected by the issue can run this script to fix the primary group ID of all authd users and the file ownership of files in the home directory created with the incorrect GID:\n\n```bash\nauthd_users=$(getent passwd --service authd | cut -d: -f1)\nfor user in $authd_users; do\n OLD_GID=$(id -g \"$user\")\n GID=$(getent group \"$user\" | cut -d: -f3)\n if [ -z \"$GID\" ]; then\n echo \"Warning: could not determine GID for $user, skipping\" \u003e\u00262\n continue\n fi\n if [ \"$OLD_GID\" = \"$GID\" ]; then\n continue # user not affected\n fi\n USER_HOME=$(getent passwd \"$user\" | cut -d: -f6)\n echo \"Fixing $user: resetting GID from $OLD_GID to $GID\"\n sudo authctl group set-gid \"$user\" \"$OLD_GID\"\n sudo authctl group set-gid \"$user\" \"$GID\"\n sudo chown -R --from=\":$OLD_GID\" \":$GID\" \"$USER_HOME\"\ndone\n```\n\nAfter applying the fix, affected users must log out and log back in for `id`, `groups`, and new file GID stamping to reflect the corrected primary group. You may also optionally terminate a user\u0027s active session with:\n\n```bash\nsudo loginctl terminate-user \"$user\"\n```\n\nIf the users also own files outside their home directory, the ownership of those files might have to be updated as well.\n\nFixed by: https://github.com/canonical/authd/commit/154b428305cb1a7a19c897626fefd09d6dde8b9f",
"id": "GHSA-fg3j-5w9g-hmg7",
"modified": "2026-05-05T22:04:07Z",
"published": "2026-05-05T22:04:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/canonical/authd/security/advisories/GHSA-fg3j-5w9g-hmg7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6970"
},
{
"type": "WEB",
"url": "https://github.com/canonical/authd/commit/154b428305cb1a7a19c897626fefd09d6dde8b9f"
},
{
"type": "PACKAGE",
"url": "https://github.com/canonical/authd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "authd: Primary group ID is incorrectly set to value of UID "
}
GHSA-FJM8-M7M6-2FJP
Vulnerability from github – Published: 2022-09-14 00:00 – Updated: 2022-09-16 21:39An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/containers/buildah"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.27.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-2990"
],
"database_specific": {
"cwe_ids": [
"CWE-842",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-15T03:24:17Z",
"nvd_published_at": "2022-09-13T14:15:00Z",
"severity": "HIGH"
},
"details": "An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
"id": "GHSA-fjm8-m7m6-2fjp",
"modified": "2022-09-16T21:39:13Z",
"published": "2022-09-14T00:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2990"
},
{
"type": "WEB",
"url": "https://github.com/containers/buildah/pull/4200"
},
{
"type": "WEB",
"url": "https://github.com/containers/buildah/commit/4a8bf740e862f2438279c6feee2ea59ddf0cda0b"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-2990"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121453"
},
{
"type": "PACKAGE",
"url": "https://github.com/containers/buildah"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2022-1008"
},
{
"type": "WEB",
"url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Buildah\u0027s incorrect handling of the supplementary groups may lead to data disclosure, modification"
}
GHSA-VH68-CV68-MVFR
Vulnerability from github – Published: 2023-02-01 06:30 – Updated: 2023-02-08 15:30Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.
{
"affected": [],
"aliases": [
"CVE-2022-45097"
],
"database_specific": {
"cwe_ids": [
"CWE-276",
"CWE-842"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-01T05:15:00Z",
"severity": "HIGH"
},
"details": "Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.",
"id": "GHSA-vh68-cv68-mvfr",
"modified": "2023-02-08T15:30:32Z",
"published": "2023-02-01T06:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45097"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VR2X-7687-H6QV
Vulnerability from github – Published: 2023-02-28 23:25 – Updated: 2023-03-01 01:55Impact
Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON, which is enabled by default when installing API Platform. Custom serialization formats may also be impacted. Only collection endpoints are affected by the issue, item endpoints are not. The JSON-LD format is not affected by the issue.
The result of the security rule is only executed for the first item of the collection. The result of the rule is then cached and reused for the next items. This bug can leak data to unauthorized users when the rule depends on the value of a property of the item. This bug can also hide properties that should be displayed to authorized users.
Patches
This issue impacts the 2.7, 3.0 and 3.1 branches. Upgrade to v2.7.10, v3.0.12 or v3.1.3.
Workarounds
Replace the cache_key of the context array of the Serializer inside a custom normalizer that works on objects if the security option of the ApiPlatform\Metadata\ApiProperty attribute is used.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "api-platform/core"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "api-platform/core"
},
"ranges": [
{
"events": [
{
"introduced": "3.1.0"
},
{
"fixed": "3.1.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "api-platform/core"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.7.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-25575"
],
"database_specific": {
"cwe_ids": [
"CWE-842",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-28T23:25:54Z",
"nvd_published_at": "2023-02-28T23:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nResource properties secured with the `security` option of the `ApiPlatform\\Metadata\\ApiProperty` attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON, which is enabled by default when installing API Platform. Custom serialization formats may also be impacted. Only collection endpoints are affected by the issue, item endpoints are not. The JSON-LD format is not affected by the issue.\n\nThe result of the security rule is only executed for the first item of the collection. The result of the rule is then cached and reused for the next items. This bug can leak data to unauthorized users when the rule depends on the value of a property of the item. This bug can also hide properties that should be displayed to authorized users.\n\n### Patches\n\nThis issue impacts the 2.7, 3.0 and 3.1 branches. Upgrade to v2.7.10, v3.0.12 or v3.1.3.\n\n### Workarounds\n\nReplace the `cache_key` of the context array of the Serializer inside a custom normalizer that works on objects if the security option of the `ApiPlatform\\Metadata\\ApiProperty` attribute is used.",
"id": "GHSA-vr2x-7687-h6qv",
"modified": "2023-03-01T01:55:31Z",
"published": "2023-02-28T23:25:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/api-platform/core/security/advisories/GHSA-vr2x-7687-h6qv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25575"
},
{
"type": "WEB",
"url": "https://github.com/api-platform/core/commit/5723d68369722feefeb11e42528d9580db5dd0fb"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/api-platform/core/CVE-2023-25575.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/api-platform/core"
},
{
"type": "WEB",
"url": "https://github.com/api-platform/core/releases/tag/v2.7.10"
},
{
"type": "WEB",
"url": "https://github.com/api-platform/core/releases/tag/v3.0.12"
},
{
"type": "WEB",
"url": "https://github.com/api-platform/core/releases/tag/v3.1.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "api-platform/core\u0027s secured properties may be accessible within collections"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.