
CWE-269 (Improper Privilege Management) — Vulnerability Class 1004

1004 vulnerabilities classified as CWE-269 (Improper Privilege Management). AI Chinese analysis included.

CWE-269 covers access control weaknesses in which software fails to properly assign, modify, track, or check the privileges of a user or process, leaving that actor with a sphere of control it was never meant to have. Typical instances are a program that elevates its privileges for one operation and fails to drop them on every exit path, a service that assigns a broader role than the request warrants, and authorization logic that never re-checks an actor's rights before a sensitive action; an attacker uses such gaps to move from an ordinary user to an administrator or root. Exploitation leads to unauthorized data access, system modification, or full compromise. To prevent this, developers should enforce least privilege through an identity and access management framework, drop elevated privileges as soon as they are no longer needed and verify that the drop succeeded, audit permission assignments regularly, use role-based access control, and check an actor's rights at every security-relevant checkpoint rather than trusting an earlier decision.

MITRE CWE Description
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Common Consequences (1)
Access Control: Gain Privileges or Assume Identity
Mitigations (3)
Architecture and Design, Operation: Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Architecture and Design: Follow the principle of least privilege when assigning access rights to entities in a software system.
Architecture and Design: Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
Examples (2)
This code temporarily raises the program's privileges to allow creation of a new user folder. If os.mkdir() raises OSError, the except branch returns before lowerPrivileges() is called, so the program keeps running with elevated privileges.

import os

def makeNewUserDir(username):
    if invalidUsername(username):
        # avoid CWE-22 and CWE-78
        print('Usernames cannot contain invalid characters')
        return False
    try:
        raisePrivileges()
        os.mkdir('/home/' + username)
        lowerPrivileges()
    except OSError:
        # privileges are never lowered on this path
        print('Unable to create new user directory for user:' + username)
        return False
    return True
Bad · Python
The following example demonstrates the weakness: the effective UID is raised to root for the whole of "do some stuff" even if only one operation needs it, and neither seteuid() call has its return value checked, so a failed drop leaves the process running as root.

#include <unistd.h>

seteuid(0);          /* raise to root; return value unchecked */
/* do some stuff */
seteuid(getuid());   /* drop back to the real user; return value unchecked */
Bad · C
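The flawed Python example above beside a hardened version, as an added example that is not code from this page or from MITRE. The privilege raise and drop are simulated by a constructed PrivilegeState class so the script runs unprivileged; the names make_new_user_dir_unsafe, make_new_user_dir_safe, demo and the username allow-list pattern are this example's own assumptions. It provokes the OSError path (the target directory already exists) in both versions and shows that the page's control flow returns still elevated, while a finally block drops privileges on every exit path. The C example's lesson, unchecked seteuid() return values, does not arise with os.seteuid() in Python because it raises OSError on failure.

```python
import os
import re
import tempfile


class PrivilegeState:
    """Constructed stand-in for raisePrivileges()/lowerPrivileges().

    It only records whether the process is currently elevated, so the script
    runs without root. A real implementation would call os.seteuid(), which
    raises OSError on failure, so a failed drop cannot silently go unnoticed.
    """

    def __init__(self):
        self.elevated = False

    def raise_privileges(self):
        self.elevated = True

    def lower_privileges(self):
        self.elevated = False


# Allow-list for user names: one path component of safe characters, which rules
# out "../" (CWE-22) and shell metacharacters (CWE-78). The pattern is this
# example's own choice, not the page's invalidUsername().
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def invalid_username(username):
    return USERNAME_RE.fullmatch(username) is None


def make_new_user_dir_unsafe(priv, username, home_root):
    """Same control flow as the page's flawed example.

    If os.mkdir() raises OSError, the except branch returns before
    lower_privileges() runs, so the caller keeps running elevated.
    """
    if invalid_username(username):
        return False
    try:
        priv.raise_privileges()
        os.mkdir(os.path.join(home_root, username))
        priv.lower_privileges()
    except OSError:
        return False  # still elevated on this path
    return True


def make_new_user_dir_safe(priv, username, home_root):
    """Hardened form: the drop sits in a finally block, so it runs on every exit path."""
    if invalid_username(username):
        return False
    priv.raise_privileges()  # outside the try: never drop what was never raised
    try:
        os.mkdir(os.path.join(home_root, username))
    except OSError:
        return False
    finally:
        priv.lower_privileges()  # runs after success, OSError, or any other exception
    return True


def demo(home_root=None):
    """Provoke an OSError (target already exists) in both versions and report
    the return value and the privilege level each one leaves behind."""
    if home_root is None:
        with tempfile.TemporaryDirectory() as tmp:
            return demo(tmp)
    os.mkdir(os.path.join(home_root, "alice"))  # constructed pre-existing home dir

    unsafe, safe = PrivilegeState(), PrivilegeState()
    results = {
        "unsafe_returned": make_new_user_dir_unsafe(unsafe, "alice", home_root),
        "unsafe_still_elevated": unsafe.elevated,
        "safe_returned": make_new_user_dir_safe(safe, "alice", home_root),
        "safe_still_elevated": safe.elevated,
    }
    # The happy path still works and still ends unprivileged.
    results["safe_created_bob"] = (
        make_new_user_dir_safe(safe, "bob", home_root)
        and os.path.isdir(os.path.join(home_root, "bob"))
        and not safe.elevated
    )
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the script prints unsafe_still_elevated as True and safe_still_elevated as False for the same failing input. The raise is deliberately placed before the try in the safe version: if raising itself fails, there is nothing to drop, and a drop inside the finally would otherwise mask the original error path.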
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-5797 | Zyxel ATP security vulnerability | ATP series firmware | 5.5 | Medium | 2023-11-28 |
| CVE-2023-5650 | Zyxel ATP security vulnerability | ATP series firmware | 5.5 | Medium | 2023-11-28 |
| CVE-2023-37925 | Zyxel ATP security vulnerability | ATP series firmware | 5.5 | Medium | 2023-11-28 |
| CVE-2023-41808 | Arbitrary File Read As Root Via GoTTY Page | Pandora FMS | 8.5 | High | 2023-11-23 |
| CVE-2023-41807 | Linux Local Privilege Escalation Via GoTTY Page | Pandora FMS | 9.1 | Critical | 2023-11-23 |
| CVE-2023-41806 | Misassignment of privileges can cause DOS attack | Pandora FMS | 8.2 | High | 2023-11-23 |
| CVE-2021-37937 | Elasticsearch privilege escalation | Elasticsearch | 5.9 | Medium | 2023-11-22 |
| CVE-2021-37942 | APM Java Agent Local Privilege Escalation | Elastic APM Java Agent | 7.0 | High | 2023-11-22 |
| CVE-2023-20274 | Cisco AppDynamics PHP Agent security vulnerability | Cisco AppDynamics | 6.3 | Medium | 2023-11-21 |
| CVE-2023-6119 | Trellix GetSusp security vulnerability | GetSusp | 6.5 | Medium | 2023-11-16 |
| CVE-2023-47629 | Privilege escalation through email sign-up in datahub | datahub | 7.1 | High | 2023-11-14 |
| CVE-2023-6099 | Shenzhen Youkate Industrial Facial Love Cloud Payment System Account SystemMng.ashx privileges management | Facial Love Cloud Payment System | 7.3 | High | 2023-11-13 |
| CVE-2023-47611 | Telit multiple products security vulnerability | BGS5 | 7.8 | High | 2023-11-10 |
| CVE-2023-46758 | Huawei HarmonyOS security vulnerability | HarmonyOS | 7.5 | - | 2023-11-08 |
| CVE-2023-46771 | Huawei HarmonyOS security vulnerability | HarmonyOS | 7.5 | - | 2023-11-08 |
| CVE-2023-5978 | Incorrect libcap_net limitation list manipulation | FreeBSD | 7.5 | - | 2023-11-08 |
| CVE-2023-35140 | Zyxel GS1900 security vulnerability | GS1900-24EP firmware | 5.5 | Medium | 2023-11-07 |
| CVE-2023-5408 | Openshift: modification of node role labels | Red Hat OpenShift Container Platform 4.11 | 7.2 | High | 2023-11-02 |
| CVE-2023-20048 | Cisco Firepower Management Center security vulnerability | Cisco Firepower Management Center | 9.9 | Critical | 2023-11-01 |
| CVE-2023-5847 | Tenable Network Security Nessus security vulnerability | Nessus | 6.7 | Medium | 2023-11-01 |
| CVE-2023-40685 | IBM i privilege escalation | i | 7.4 | High | 2023-10-29 |
| CVE-2023-40686 | IBM i privilege escalation | i | 4.9 | Medium | 2023-10-29 |
| CVE-2023-44219 | SonicWall Directory Services Connector Windows MSI security vulnerability | Directory Services Connector | 7.8 | - | 2023-10-27 |
| CVE-2023-4607 | Lenovo XClarity Controller security vulnerability | Lenovo XClarity Controller (XCC) | 7.5 | High | 2023-10-24 |
| CVE-2021-26734 | Junction Delete leading to elevation of privilege | Client Connector | 4.4 | Medium | 2023-10-23 |
| CVE-2023-41715 | SonicWALL SonicOS security vulnerability | SonicOS | 8.8 | - | 2023-10-17 |
| CVE-2023-4822 | Grafana security vulnerability | Grafana Enterprise | 6.7 | Medium | 2023-10-16 |
| CVE-2023-4834 | MB connect line mbCONNECT24 and mymbCONNECT24 security vulnerability | mbCONNECT24 | 4.3 | Medium | 2023-10-16 |
| CVE-2023-40377 | IBM i privilege escalation | i | 4.9 | Medium | 2023-10-16 |
| CVE-2023-40378 | IBM i privilege escalation | i | 4.9 | Medium | 2023-10-15 |

Vulnerabilities classified as CWE-269 (Improper Privilege Management) represent 1004 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.