CWE-270
Privilege Context Switching Error
The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
CVE-2017-2663 (GCVE-0-2017-2663)
Vulnerability from cvelistv5
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
Red Hat | subscription-manager |
Version: 1.19.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:02:07.221Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "97015", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97015" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/candlepin/subscription-manager/commit/2aa48ef65" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2663" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "subscription-manager", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "1.19.4" } ] } ], "datePublic": "2017-03-20T00:00:00", "descriptions": [ { "lang": "en", "value": "It was found that subscription-manager\u0027s DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalation attack." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-270", "description": "CWE-270", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-28T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "97015", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97015" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/candlepin/subscription-manager/commit/2aa48ef65" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2663" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-2663", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "subscription-manager", "version": { "version_data": [ { "version_value": "1.19.4" } ] } } ] }, "vendor_name": "Red Hat" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It was found that subscription-manager\u0027s DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalation attack." } ] }, "impact": { "cvss": [ [ { "vectorString": "8.2/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-270" } ] } ] }, "references": { "reference_data": [ { "name": "97015", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97015" }, { "name": "https://github.com/candlepin/subscription-manager/commit/2aa48ef65", "refsource": "CONFIRM", "url": "https://github.com/candlepin/subscription-manager/commit/2aa48ef65" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2663", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2663" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-2663", "datePublished": "2018-07-27T20:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T14:02:07.221Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-14819 (GCVE-0-2019-14819)
Vulnerability from cvelistv5
► | URL | Tags | |||
---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
[Red Hat] | openshift-ansible |
Version: 3.x |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:26:39.118Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14819" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "openshift-ansible", "vendor": "[Red Hat]", "versions": [ { "status": "affected", "version": "3.x" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-266", "description": "CWE-266", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-270", "description": "CWE-270", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-07T17:02:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14819" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-14819", "datePublished": "2020-01-07T17:02:01", "dateReserved": "2019-08-10T00:00:00", "dateUpdated": "2024-08-05T00:26:39.118Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-1719 (GCVE-0-2020-1719)
Vulnerability from cvelistv5
► | URL | Tags | |||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:46:30.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wildfly", "vendor": "n/a", "versions": [ { "status": "affected", "version": "wildfly 20.0.0.Final" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-270", "description": "CWE-270", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-07T16:23:44", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-1719", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Wildfly", "version": { "version_data": [ { "version_value": "wildfly 20.0.0.Final" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-270" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-1719", "datePublished": "2021-06-07T16:23:44", "dateReserved": "2019-11-27T00:00:00", "dateUpdated": "2024-08-04T06:46:30.328Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-7019 (GCVE-0-2020-7019)
Vulnerability from cvelistv5
- CWE-270 - Privilege Context Switching Error
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
Elastic | Elasticsearch |
Version: before 7.9.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:18:02.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200827-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Elasticsearch", "vendor": "Elastic", "versions": [ { "status": "affected", "version": "before 7.9.0" } ] } ], "descriptions": [ { "lang": "en", "value": "In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-270", "description": "CWE-270: Privilege Context Switching Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-27T10:06:20", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200827-0001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@elastic.co", "ID": "CVE-2020-7019", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Elasticsearch", "version": { "version_data": [ { "version_value": "before 7.9.0" } ] } } ] }, "vendor_name": "Elastic" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-270: Privilege Context Switching Error" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456", "refsource": "MISC", "url": "https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456" }, { "name": "https://security.netapp.com/advisory/ntap-20200827-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200827-0001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2020-7019", "datePublished": "2020-08-18T16:40:14", "dateReserved": "2020-01-14T00:00:00", "dateUpdated": "2024-08-04T09:18:02.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-7020 (GCVE-0-2020-7020)
Vulnerability from cvelistv5
- CWE-270 - Privilege Context Switching Error
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
Elastic | Elasticsearch |
Version: before 6.8.13 and 7.9.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:18:02.985Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://staging-website.elastic.co/community/security/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20201123-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Elasticsearch", "vendor": "Elastic", "versions": [ { "status": "affected", "version": "before 6.8.13 and 7.9.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-270", "description": "CWE-270: Privilege Context Switching Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-23T11:06:12", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://staging-website.elastic.co/community/security/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20201123-0001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@elastic.co", "ID": "CVE-2020-7020", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Elasticsearch", "version": { "version_data": [ { "version_value": "before 6.8.13 and 7.9.2" } ] } } ] }, "vendor_name": "Elastic" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-270: Privilege Context Switching Error" } ] } ] }, "references": { "reference_data": [ { "name": "https://staging-website.elastic.co/community/security/", "refsource": "MISC", "url": "https://staging-website.elastic.co/community/security/" }, { "name": "https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033", "refsource": "MISC", "url": "https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033" }, { "name": "https://security.netapp.com/advisory/ntap-20201123-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20201123-0001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2020-7020", "datePublished": "2020-10-22T16:30:15", "dateReserved": "2020-01-14T00:00:00", "dateUpdated": "2024-08-04T09:18:02.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-3493 (GCVE-0-2021-3493)
Vulnerability from cvelistv5
- CWE-270 - Privilege Context Switching Error
Vendor | Product | Version | ||
---|---|---|---|---|
Ubuntu | linux kernel |
Version: 5.8 kernel < 5.8.0-50.56 Version: 5.4 kernel < 5.4.0-72.80 Version: 4.15 kernel < 4.15.0-142.146 Version: 4.4 kernel < 4.4.0-209.241 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:17.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-4917-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2021/04/16/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-3493", "options": [ { "Exploitation": "active" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-07T12:30:18.913674Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2022-10-20", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3493" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2025-07-30T01:38:13.347Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "timeline": [ { "lang": "en", "time": "2022-10-20T00:00:00+00:00", "value": "CVE-2021-3493 added to CISA KEV" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "linux kernel", "vendor": "Ubuntu", "versions": [ { "lessThan": "5.8.0-50.56", "status": "affected", "version": "5.8 kernel", "versionType": "custom" }, { "lessThan": "5.4.0-72.80", "status": "affected", "version": "5.4 kernel", "versionType": "custom" }, { "lessThan": "4.15.0-142.146", "status": "affected", "version": "4.15 kernel", "versionType": "custom" }, { "lessThan": "4.4.0-209.241", "status": "affected", "version": "4.4 kernel", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "An independent security researcher reporting to the SSD Secure Disclosure program" } ], "datePublic": "2021-04-15T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-270", "description": "CWE-270: Privilege Context Switching Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-03T19:06:06.000Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ubuntu.com/security/notices/USN-4917-1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2021/04/16/1" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html" } ], "solutions": [ { "lang": "en", "value": "Apply https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52" } ], "source": { "discovery": "EXTERNAL" }, "workarounds": [ { "lang": "en", "value": "Disable unprivileged user namespaces." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2021-04-15T00:00:00.000Z", "ID": "CVE-2021-3493", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "linux kernel", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "5.8 kernel", "version_value": "5.8.0-50.56" }, { "version_affected": "\u003c", "version_name": "5.4 kernel", "version_value": "5.4.0-72.80" }, { "version_affected": "\u003c", "version_name": "4.15 kernel", "version_value": "4.15.0-142.146" }, { "version_affected": "\u003c", "version_name": "4.4 kernel", "version_value": "4.4.0-209.241" } ] } } ] }, "vendor_name": "Ubuntu" } ] } }, "credit": [ { "lang": "eng", "value": "An independent security researcher reporting to the SSD Secure Disclosure program" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-270: Privilege Context Switching Error" } ] } ] }, "references": { "reference_data": [ { "name": "https://ubuntu.com/security/notices/USN-4917-1", "refsource": "MISC", "url": "https://ubuntu.com/security/notices/USN-4917-1" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52" }, { "name": "https://www.openwall.com/lists/oss-security/2021/04/16/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2021/04/16/1" }, { "name": "http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html" }, { "name": "http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html" }, { "name": "http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html" } ] }, "solution": [ { "lang": "en", "value": "Apply https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52" } ], "source": { "discovery": "EXTERNAL" }, "work_around": [ { "lang": "en", "value": "Disable unprivileged user namespaces." } ] } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2021-3493", "datePublished": "2021-04-17T04:20:16.706Z", "dateReserved": "2021-04-12T00:00:00.000Z", "dateUpdated": "2025-07-30T01:38:13.347Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-25754 (GCVE-0-2023-25754)
Vulnerability from cvelistv5
- CWE-270 - Privilege Context Switching Error
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/apache/airflow/pull/29506" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/08/2" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "airflow", "vendor": "apache", "versions": [ { "lessThan": "2.6.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-25754", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T19:27:15.556791Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T19:30:23.409Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache Airflow", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "2.6.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ksw9722@naver.com" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.\u003cp\u003eThis issue affects Apache Airflow: before 2.6.0.\u003c/p\u003e" } ], "value": "Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0." } ], "metrics": [ { "other": { "content": { "text": "moderate" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-270", "description": "CWE-270 Privilege Context Switching Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-08T12:00:11.232Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "patch" ], "url": "https://github.com/apache/airflow/pull/29506" }, { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v" }, { "url": "http://www.openwall.com/lists/oss-security/2023/05/08/2" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache Airflow: Privilege escalation using airflow logs", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-25754", "datePublished": "2023-05-08T11:57:45.144Z", "dateReserved": "2023-02-13T14:49:15.008Z", "dateUpdated": "2025-02-13T16:44:37.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-26475 (GCVE-0-2023-26475)
Vulnerability from cvelistv5
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
xwiki | xwiki-platform |
Version: >= 2.3-milestone-1, < 13.10.11 Version: >= 14.0-rc-1, < 14.4.7 Version: >= 14.5, < 14.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:54.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h6f5-8jj5-cxhr", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h6f5-8jj5-cxhr" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d87d7bfd8db18c20d3264f98c6deefeae93b99f7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d87d7bfd8db18c20d3264f98c6deefeae93b99f7" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20360", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20360" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20384", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20384" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-26475", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-05T21:22:54.543106Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-05T21:23:14.514Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 2.3-milestone-1, \u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.7" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-270", "description": "CWE-270: Privilege Context Switching Error", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-02T18:07:04.129Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h6f5-8jj5-cxhr", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h6f5-8jj5-cxhr" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d87d7bfd8db18c20d3264f98c6deefeae93b99f7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d87d7bfd8db18c20d3264f98c6deefeae93b99f7" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20360", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20360" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20384", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20384" } ], "source": { "advisory": "GHSA-h6f5-8jj5-cxhr", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to Remote Code Execution in Annotations" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-26475", "datePublished": "2023-03-02T18:07:04.129Z", "dateReserved": "2023-02-23T23:22:58.573Z", "dateUpdated": "2025-03-05T21:23:14.514Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-37912 (GCVE-0-2023-37912)
Vulnerability from cvelistv5
- CWE-270 - Privilege Context Switching Error
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
xwiki | xwiki-rendering |
Version: < 14.10.6 Version: >= 15.0-rc-1, < 15.1-rc-1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:23:27.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5" }, { "name": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e" }, { "name": "https://jira.xwiki.org/browse/XRENDERING-688", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XRENDERING-688" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-37912", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T18:34:21.859558Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-12T20:47:45.452Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-rendering", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 14.10.6" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.1-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-270", "description": "CWE-270: Privilege Context Switching Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-25T17:33:54.756Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5" }, { "name": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e" }, { "name": "https://jira.xwiki.org/browse/XRENDERING-688", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XRENDERING-688" } ], "source": { "advisory": "GHSA-35j5-m29r-xfq5", "discovery": "UNKNOWN" }, "title": "XWiki Rendering\u0027s footnote macro vulnerable to privilege escalation via the footnote macro" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-37912", "datePublished": "2023-10-25T17:33:54.756Z", "dateReserved": "2023-07-10T17:51:29.611Z", "dateUpdated": "2024-09-12T20:47:45.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-11263 (GCVE-0-2024-11263)
Vulnerability from cvelistv5
- CWE-270 - Privilege Context Switching Error
Vendor | Product | Version | ||
---|---|---|---|---|
zephyrproject-rtos | Zephyr |
Version: * |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:zephyrproject-rtos:zephyr:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "zephyr", "vendor": "zephyrproject-rtos", "versions": [ { "lessThanOrEqual": "3.7", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-11263", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-18T17:44:38.277866Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-18T17:45:21.489Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "Zephyr", "product": "Zephyr", "repo": "https://github.com/zephyrproject-rtos/zephyr", "vendor": "zephyrproject-rtos", "versions": [ { "lessThanOrEqual": "3.7", "status": "affected", "version": "*", "versionType": "git" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y" } ], "value": "When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-270", "description": "Privilege Context Switching Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T22:53:58.593Z", "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "shortName": "zephyr" }, "references": [ { "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjf3-7x72-pqm9" } ], "source": { "discovery": "UNKNOWN" }, "title": "arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "assignerShortName": "zephyr", "cveId": "CVE-2024-11263", "datePublished": "2024-11-15T22:53:58.593Z", "dateReserved": "2024-11-15T16:34:35.784Z", "dateUpdated": "2024-11-18T17:45:21.489Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-17
Phases: Architecture and Design, Operation
Strategy: Environment Hardening
Description:
- Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Mitigation ID: MIT-49
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-30: Hijacking a Privileged Thread of Execution
An adversary hijacks a privileged thread of execution by injecting malicious code into a running process. By using a privleged thread to do their bidding, adversaries can evade process-based detection that would stop an attack that creates a new process. This can lead to an adversary gaining access to the process's memory and can also enable elevated privileges. The most common way to perform this attack is by suspending an existing thread and manipulating its memory.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.