
CWE-266 (Incorrect Privilege Assignment) — Vulnerability Class 382

382 vulnerabilities classified as CWE-266 (Incorrect Privilege Assignment). AI Chinese analysis included.

CWE-266 represents a critical access control weakness in which software assigns a privilege to the wrong actor, granting that actor an unintended sphere of control. The flaw typically arises from faulty logic in role-based or discretionary access control mechanisms, so that users can perform actions beyond their authorized scope. Attackers exploit it by manipulating input parameters or session tokens to escalate privileges, bypassing security boundaries to reach sensitive data or administrative functions. To prevent such vulnerabilities, developers must implement robust, centralized authorization checks that verify permissions at every security-relevant point of execution, rather than relying on client-side validation. Adhering to the principle of least privilege ensures that each actor receives only the minimum access its task requires. Rigorous code review and automated security testing further help catch incorrect privilege assignments before deployment.

MITRE CWE Description
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Common Consequences (1)
Access Control: Gain Privileges or Assume Identity
A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts.
Mitigations (2)
Architecture and Design, Operation: Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Architecture and Design, Operation: Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database ad…
Examples (2)
The following example demonstrates the weakness.
```c
seteuid(0);          /* raise the effective uid to root */
/* do some stuff */
seteuid(getuid());   /* drop back to the real uid; the saved uid is still 0, so root can be regained */
```
Bad · C
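A hardened counterpart to the C snippet above, added here as an example and not part of the MITRE entry or this page. The function name drop_privileges_permanently is an assumption; it shows the defender-side pattern the mitigations call for: drop groups, then gid, then uid with setuid() rather than seteuid(), check every return value, and verify afterwards that root cannot be regained.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* glibc needs this for setgroups() */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently drop to the unprivileged identity (uid, gid).  Hypothetical
 * helper for illustration.  Unlike seteuid(0) ... seteuid(getuid()), this
 * uses setgid()/setuid(), which, when the effective uid is 0, overwrite the
 * real, effective AND saved ids, so root cannot be regained later.
 * Returns 0 on success, -1 on any failure.
 */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    /* 1. Supplementary groups first: only root may clear them, and they
     *    would otherwise survive the uid change. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* 2. Group before user: once the uid is unprivileged, setgid() fails. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* 3. Verify the drop instead of trusting it. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* 4. If we left root, regaining it must now be impossible.  A saved uid
     *    of 0, which the seteuid() pattern leaves behind, would let this
     *    call succeed. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Demo: drop to the caller's own real ids, which works unprivileged.
     * A real daemon started as root passes its service account's ids. */
    if (drop_privileges_permanently(getuid(), getgid()) != 0) {
        perror("drop_privileges_permanently");
        return 1;
    }
    printf("running as uid=%u gid=%u; root cannot be regained\n",
           (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```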
The following example demonstrates the weakness.
```java
import java.security.AccessController;
import java.security.PrivilegedAction;

AccessController.doPrivileged(new PrivilegedAction() {
    public Object run() {
        // privileged code goes here, for example:
        System.loadLibrary("awt");
        return null; // nothing to return
    }
});
```
Bad · Java
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-31912 | IBM MQ privilege escalation | MQ | 7.5 | High | 2024-06-28 |
| CVE-2024-27275 | IBM i privilege escalation | i | 7.4 | High | 2024-06-15 |
| CVE-2024-0085 | CVE | vGPU software and Cloud Gaming | 6.3 | Medium | 2024-06-13 |
| CVE-2024-37293 | aws-deployment-framework's potential risk can lead to privilege escalation | aws-deployment-framework | 7.6 | High | 2024-06-11 |
| CVE-2024-35700 | WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability | Userpro | 9.8 | Critical | 2024-06-04 |
| CVE-2024-4870 | Frontend Registration – Contact Form 7 <= 5.1 - Authenticated (Editor+) Privilege Escalation | Frontend Registration – Contact Form 7 | 7.2 | High | 2024-06-04 |
| CVE-2024-32959 | WordPress Sirv plugin <= 7.2.2 - Arbitrary Option Update to Privilege Escalation vulnerability | Sirv | 8.8 | High | 2024-05-17 |
| CVE-2024-32507 | WordPress Login with phone number plugin <= 1.7.16 - Privilege Escalation vulnerability | Login with phone number | 8.8 | High | 2024-05-17 |
| CVE-2024-24882 | WordPress LMS by Masteriyo plugin <= 1.7.2 - Privilege Escalation vulnerability | Masteriyo - LMS | 9.8 | Critical | 2024-05-17 |
| CVE-2024-22145 | WordPress InstaWP Connect plugin <= 0.1.0.8 - Arbitrary Option Update to Privilege Escalation vulnerability | InstaWP Connect | 8.8 | High | 2024-05-17 |
| CVE-2024-20389 | Cisco Crosswork Network Services Orchestrator security vulnerability | Cisco ConfD | 7.8 | High | 2024-05-16 |
| CVE-2024-27273 | IBM AIX privilege escalation | AIX | 8.1 | High | 2024-05-07 |
| CVE-2024-2409 | MasterStudy LMS <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action | MasterStudy LMS WordPress Plugin – for Online Courses and Education | 9.8 | Critical | 2024-03-29 |
| CVE-2024-20320 | Cisco IOS XR security vulnerability | Cisco IOS XR Software | 7.8 | High | 2024-03-13 |
| CVE-2023-6477 | Incorrect Privilege Assignment in GitLab | GitLab | 6.7 | Medium | 2024-02-21 |
| CVE-2024-23976 | BIG-IP Appliance mode iAppsLX vulnerability | BIG-IP | 6.0 | Medium | 2024-02-14 |
| CVE-2023-6815 | Mitsubishi Electric MELSEC iQ-R series security vulnerability | MELSEC iQ-R Series Safety CPU R08SFCPU | 6.5 | Medium | 2024-02-13 |
| CVE-2023-5080 | Lenovo Tablet security vulnerability | Tablet | 6.8 | Medium | 2024-01-19 |
| CVE-2023-49647 | Zoom Desktop Client for Windows - Improper Access Control | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 | 8.8 | High | 2024-01-12 |
| CVE-2023-47140 | IBM CICS Transaction Gateway improper access controls | CICS Transaction Gateway Containers | 4.0 | Medium | 2024-01-08 |
| CVE-2023-29066 | Incorrect User Management | FACSChorus | 3.2 | Low | 2023-11-28 |
| CVE-2023-6009 | UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation | UserPro - Community and User Profile WordPress Plugin | 8.8 | High | 2023-11-22 |
| CVE-2023-5913 | A potential Privilege Escalation vulnerability in opentext Fortify ScanCentral DAST API. | Fortify ScanCentral DAST | 8.2 | High | 2023-11-08 |
| CVE-2023-5077 | Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets | Vault | 7.6 | High | 2023-09-28 |
| CVE-2023-3775 | Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service | Vault Enterprise | 4.2 | Medium | 2023-09-28 |
| CVE-2023-4153 | BAN Users <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update & Privilege Escalation | BAN Users | 8.8 | High | 2023-09-13 |
| CVE-2023-3518 | JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access | Consul | 7.4 | High | 2023-08-09 |
| CVE-2023-39173 | JetBrains TeamCity security vulnerability | TeamCity | 5.4 | Medium | 2023-07-25 |
| CVE-2023-3300 | Nomad Search API Leaks Information About CSI Plugins | Nomad | 5.3 | Medium | 2023-07-19 |
| CVE-2023-3072 | Nomad ACL Policies without Label are Applied to Unexpected Resources | Nomad | 4.1 | Medium | 2023-07-19 |

Vulnerabilities classified as CWE-266 (Incorrect Privilege Assignment) account for 382 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.