
CWE-270 Privilege Context Switching Error: vulnerabilities in this class (23)

Summary of the 23 CVEs associated with the CWE-270 Privilege Context Switching Error weakness class, with AI-generated Chinese analysis.

CWE-270, Privilege Context Switching Error, describes a product that fails to manage privileges correctly while switching between contexts that have different privilege levels or spheres of control. Attackers commonly exploit this flaw by elevating privileges during a context transition to perform unauthorized operations and cross a security boundary. Developers should avoid retaining or inheriting inappropriate privileges across a privilege switch, re-validate and minimize the privileges granted on every context change, and strictly isolate the different security domains to eliminate the privilege-escalation risk.

MITRE CWE official description
CWE-270 Privilege Context Switching Error. Description: The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
Common consequences (1)
Scope: Access Control. Impact: Gain Privileges or Assume Identity.
A user can assume the identity of another user with separate privileges in another context. This will give the user unauthorized access that may allow them to acquire the access information of other users.
Mitigations (3)
Phase: Architecture and Design, Operation. Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Phase: Architecture and Design, Operation. Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database ad…
Phase: Architecture and Design. Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CVE ID | Title | CVSS | Risk level | Published
CVE-2026-34853 | Huawei EMUI and Huawei HarmonyOS Security Vulnerability — HarmonyOS | 7.7 | High | 2026-04-13
CVE-2025-55210 | FreePBX Security Vulnerability — api | 8.8 (AI) | High (AI) | 2026-02-12
CVE-2025-60721 | Microsoft Windows Security Vulnerability — Windows 11 Version 24H2 | 7.8 | High | 2025-11-11
CVE-2025-9408 | Zephyr Security Vulnerability — Zephyr | 8.2 | High | 2025-11-11
CVE-2025-26499 | Wind River Studio Developer Security Vulnerability — Wind River Studio Developer | 6.0 | Medium | 2025-09-11
CVE-2025-46406 | Gallagher Command Centre Server Security Vulnerability — Command Centre Server | 5.6 | Medium | 2025-07-10
CVE-2025-49583 | XWiki Platform Security Vulnerability — xwiki-platform | 4.6 (AI) | Medium (AI) | 2025-06-13
CVE-2024-46975 | Imagination GPU Driver Security Vulnerability — Graphics DDK | 7.8 | - | 2025-02-22
CVE-2024-12570 | GitLab Security Vulnerability — GitLab | 6.7 | Medium | 2024-12-12
CVE-2024-11263 | Zephyr Security Vulnerability — Zephyr | 9.4 | Critical | 2024-11-15
CVE-2024-36513 | Fortinet FortiClient Security Vulnerability — FortiClientWindows | 7.4 | High | 2024-11-12
CVE-2024-51987 | Duende.AccessTokenManagement Security Vulnerability — Duende.AccessTokenManagement | 5.4 | Medium | 2024-11-07
CVE-2024-47173 | Aimeos Security Vulnerability — ai-admin-graphql | 5.5 | Medium | 2024-10-24
CVE-2024-8641 | GitLab Security Vulnerability — GitLab | 6.7 | Medium | 2024-09-12
CVE-2024-37294 | Aimeos Security Vulnerability — aimeos-core | 5.5 | Medium | 2024-06-11
CVE-2023-37912 | XWiki Rendering Security Vulnerability — xwiki-rendering | 10.0 | Critical | 2023-10-25
CVE-2023-25754 | Apache Airflow Security Vulnerability — Apache Airflow | 7.5 | - | 2023-05-08
CVE-2023-26475 | XWiki Platform Security Vulnerability — xwiki-platform | 10.0 | Critical | 2023-03-02
CVE-2020-1719 | Red Hat Wildfly Security Vulnerability — Wildfly | 7.1 | - | 2021-06-07
CVE-2021-3493 | Linux kernel Security Vulnerability — linux kernel | 8.8 | High | 2021-04-17
CVE-2020-7020 | Elasticsearch Security Vulnerability — Elasticsearch | 3.1 | - | 2020-10-22
CVE-2020-7019 | Elasticsearch Security Vulnerability — Elasticsearch | 6.5 | - | 2020-08-18
CVE-2017-2663 | Red Hat Candlepin subscription-manager Permission and Access Control Vulnerability — subscription-manager | 7.8 | - | 2018-07-27
(AI) marks a score or rating that the original page flags as AI-assessed; "-" means no risk level was given.

CWE-270 (Privilege Context Switching Error) is a common weakness class; this platform lists 23 CVEs associated with it.