CWE-271
Privilege Dropping / Lowering Errors
The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.
CVE-2019-11243 (GCVE-0-2019-11243)
Vulnerability from cvelistv5
Published
2019-04-22 14:54
Modified
2024-08-04 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-271 - Privilege Dropping / Lowering Errors
Summary
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | Kubernetes |
Version: v1.12 < Version: v1.13 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/76797"
},
{
"name": "108053",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108053"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190509-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "v1.12.4",
"status": "affected",
"version": "v1.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.13.0",
"status": "affected",
"version": "v1.13",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Oleg Bulatov of Red Hat"
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-271",
"description": "CWE-271 Privilege Dropping / Lowering Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-09T10:06:03",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/76797"
},
{
"name": "108053",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108053"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190509-0002/"
}
],
"source": {
"discovery": "USER"
},
"workarounds": [
{
"lang": "en",
"value": "Clear the config.WrapTransport and config.Transport fields in addition to calling rest.AnonymousClientConfig()"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jordan@liggitt.net",
"ID": "CVE-2019-11243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "v1.12",
"version_value": "v1.12.4"
},
{
"version_affected": "\u003c=",
"version_name": "v1.13",
"version_value": "v1.13.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Oleg Bulatov of Red Hat"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-271 Privilege Dropping / Lowering Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/76797",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/76797"
},
{
"name": "108053",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108053"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190509-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190509-0002/"
}
]
},
"source": {
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Clear the config.WrapTransport and config.Transport fields in addition to calling rest.AnonymousClientConfig()"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2019-11243",
"datePublished": "2019-04-22T14:54:15",
"dateReserved": "2019-04-17T00:00:00",
"dateUpdated": "2024-08-04T22:48:09.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35513 (GCVE-0-2020-35513)
Vulnerability from cvelistv5
Published
2021-01-25 15:58
Modified
2024-08-04 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911309"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://patchwork.kernel.org/project/linux-nfs/patch/20180403203916.GH20297%40fieldses.org/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before kernel 4.17-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-271",
"description": "CWE-271",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-25T15:58:21",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911309"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://patchwork.kernel.org/project/linux-nfs/patch/20180403203916.GH20297%40fieldses.org/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "before kernel 4.17-rc1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-271"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1911309",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911309"
},
{
"name": "https://patchwork.kernel.org/project/linux-nfs/patch/20180403203916.GH20297@fieldses.org/",
"refsource": "MISC",
"url": "https://patchwork.kernel.org/project/linux-nfs/patch/20180403203916.GH20297@fieldses.org/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35513",
"datePublished": "2021-01-25T15:58:21",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3569 (GCVE-0-2022-3569)
Vulnerability from cvelistv5
Published
2022-10-17 22:45
Modified
2025-05-13 15:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-271 - Privilege Dropping / Lowering Errors
Summary
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synacor | Zimbra Collaboration Suite (ZCS) |
Version: 9.0.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:02.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/ldsopreload/status/1580539318879547392"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/17141"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3569",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T15:03:54.734468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:04:07.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Zimbra Collaboration Suite (ZCS)",
"vendor": "Synacor",
"versions": [
{
"lessThanOrEqual": "9.0.0",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Originally reported by Twitter user @ldsopreload, validated by Ron Bowes of Rapid7"
}
],
"datePublic": "2022-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the \u0027zimbra\u0027 user can effectively coerce postfix into running arbitrary commands as \u0027root\u0027."
}
],
"exploits": [
{
"lang": "en",
"value": "A public Metasploit module exists for this issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-271",
"description": "CWE-271 Privilege Dropping / Lowering Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-19T00:00:00.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://twitter.com/ldsopreload/status/1580539318879547392"
},
{
"url": "https://github.com/rapid7/metasploit-framework/pull/17141"
},
{
"url": "http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html"
}
],
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-3569",
"datePublished": "2022-10-17T22:45:11.553Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-05-13T15:04:07.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22648 (GCVE-0-2023-22648)
Vulnerability from cvelistv5
Published
2023-06-01 12:49
Modified
2024-10-09 08:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-271 - Privilege Dropping / Lowering Errors
Summary
A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users
while they are logged in the Rancher UI. This would cause the users to
retain their previous permissions in Rancher, even if they change groups
on Azure AD, for example, to a lower privileged group, or are removed
from a group, thus retaining their access to Rancher instead of losing
it.
This issue affects Rancher: from >= 2.6.7 before < 2.6.13, from >= 2.7.0 before < 2.7.4.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-vf6j-6739-78m8"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "\u003c 2.6.13",
"status": "affected",
"version": "\u003e= 2.6.7",
"versionType": "2.6.13"
},
{
"lessThan": "\u003c 2.7.4",
"status": "affected",
"version": "\u003e= 2.7.0",
"versionType": "2.7.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "https://github.com/yvespp"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users \nwhile they are logged in the Rancher UI. This would cause the users to \nretain their previous permissions in Rancher, even if they change groups\n on Azure AD, for example, to a lower privileged group, or are removed \nfrom a group, thus retaining their access to Rancher instead of losing \nit.\u003cbr\u003e\u003cp\u003eThis issue affects Rancher: from \u0026gt;= 2.6.7 before \u0026lt; 2.6.13, from \u0026gt;= 2.7.0 before \u0026lt; 2.7.4.\u003c/p\u003e"
}
],
"value": "A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users \nwhile they are logged in the Rancher UI. This would cause the users to \nretain their previous permissions in Rancher, even if they change groups\n on Azure AD, for example, to a lower privileged group, or are removed \nfrom a group, thus retaining their access to Rancher instead of losing \nit.\nThis issue affects Rancher: from \u003e= 2.6.7 before \u003c 2.6.13, from \u003e= 2.7.0 before \u003c 2.7.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-271",
"description": "CWE-271: Privilege Dropping / Lowering Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T08:32:01.217Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-vf6j-6739-78m8"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22648"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2023-22648",
"datePublished": "2023-06-01T12:49:35.238Z",
"dateReserved": "2023-01-05T10:40:08.605Z",
"dateUpdated": "2024-10-09T08:32:01.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38496 (GCVE-0-2023-38496)
Vulnerability from cvelistv5
Published
2023-07-25 21:02
Modified
2024-10-10 17:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:54.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/apptainer/apptainer/security/advisories/GHSA-mmx5-32m4-wxvx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/apptainer/apptainer/security/advisories/GHSA-mmx5-32m4-wxvx"
},
{
"name": "https://github.com/apptainer/apptainer/pull/1523",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apptainer/apptainer/pull/1523"
},
{
"name": "https://github.com/apptainer/apptainer/pull/1578",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apptainer/apptainer/pull/1578"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:24:46.824995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:31:57.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "apptainer",
"vendor": "apptainer",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.2.0-rc.2, \u003c 1.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-271",
"description": "CWE-271: Privilege Dropping / Lowering Errors",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T21:02:12.018Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/apptainer/apptainer/security/advisories/GHSA-mmx5-32m4-wxvx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/apptainer/apptainer/security/advisories/GHSA-mmx5-32m4-wxvx"
},
{
"name": "https://github.com/apptainer/apptainer/pull/1523",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apptainer/apptainer/pull/1523"
},
{
"name": "https://github.com/apptainer/apptainer/pull/1578",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apptainer/apptainer/pull/1578"
}
],
"source": {
"advisory": "GHSA-mmx5-32m4-wxvx",
"discovery": "UNKNOWN"
},
"title": "Apptainer\u0027s ineffective privileges drop when requesting container network"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-38496",
"datePublished": "2023-07-25T21:02:12.018Z",
"dateReserved": "2023-07-18T16:28:12.076Z",
"dateUpdated": "2024-10-10T17:31:57.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0985 (GCVE-0-2024-0985)
Vulnerability from cvelistv5
Published
2024-02-08 13:00
Modified
2025-06-13 15:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-271 - Privilege Dropping / Lowering Errors
Summary
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PostgreSQL |
Version: 16 < 16.2 Version: 15 < 15.6 Version: 14 < 14.11 Version: 13 < 13.14 Version: 0 < 12.18 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-12-20T13:06:41.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.postgresql.org/support/security/CVE-2024-0985/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://saites.dev/projects/personal/postgres-cve-2024-0985/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241220-0005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0985",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-16T05:00:50.348714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T15:09:30.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PostgreSQL",
"vendor": "n/a",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "16",
"versionType": "rpm"
},
{
"lessThan": "15.6",
"status": "affected",
"version": "15",
"versionType": "rpm"
},
{
"lessThan": "14.11",
"status": "affected",
"version": "14",
"versionType": "rpm"
},
{
"lessThan": "13.14",
"status": "affected",
"version": "13",
"versionType": "rpm"
},
{
"lessThan": "12.18",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "attacker has permission to create non-temporary objects in at least one schema"
}
],
"credits": [
{
"lang": "en",
"value": "The PostgreSQL project thanks Pedro Gallegos for reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker\u0027s roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker\u0027s materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-271",
"description": "Privilege Dropping / Lowering Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T17:13:47.434Z",
"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"shortName": "PostgreSQL"
},
"references": [
{
"url": "https://www.postgresql.org/support/security/CVE-2024-0985/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00017.html"
},
{
"url": "https://saites.dev/projects/personal/postgres-cve-2024-0985/"
}
],
"title": "PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL",
"workarounds": [
{
"lang": "en",
"value": "Use REFRESH MATERIALIZED VIEW without CONCURRENTLY."
},
{
"lang": "en",
"value": "In a new database connection, authenticate as the materialized view owner."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"assignerShortName": "PostgreSQL",
"cveId": "CVE-2024-0985",
"datePublished": "2024-02-08T13:00:02.411Z",
"dateReserved": "2024-01-27T20:47:02.113Z",
"dateUpdated": "2025-06-13T15:09:30.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35179 (GCVE-0-2024-35179)
Vulnerability from cvelistv5
Published
2024-05-15 15:55
Modified
2024-08-02 03:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-271 - Privilege Dropping / Lowering Errors
Summary
Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using `RUN_AS_USER`, the specified user (and therefore, web interface admins) can read arbitrary files as root. This issue affects admins who have set up to run stalwart with `RUN_AS_USER` who handed out admin credentials to the mail server but expect these to only grant access according to the `RUN_AS_USER` and are attacked where the attackers managed to achieve Arbitrary Code Execution using another vulnerability. Version 0.8.0 contains a patch for the issue.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| stalwartlabs | mail-server |
Version: < 0.8.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:stalwartlabs:mail-server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mail-server",
"vendor": "stalwartlabs",
"versions": [
{
"lessThan": "0.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35179",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T18:11:30.074795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T19:38:19.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/stalwartlabs/mail-server/security/advisories/GHSA-5pfx-j27j-4c6h",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/stalwartlabs/mail-server/security/advisories/GHSA-5pfx-j27j-4c6h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mail-server",
"vendor": "stalwartlabs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using `RUN_AS_USER`, the specified user (and therefore, web interface admins) can read arbitrary files as root. This issue affects admins who have set up to run stalwart with `RUN_AS_USER` who handed out admin credentials to the mail server but expect these to only grant access according to the `RUN_AS_USER` and are attacked where the attackers managed to achieve Arbitrary Code Execution using another vulnerability. Version 0.8.0 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-271",
"description": "CWE-271: Privilege Dropping / Lowering Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T15:55:28.261Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/stalwartlabs/mail-server/security/advisories/GHSA-5pfx-j27j-4c6h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/stalwartlabs/mail-server/security/advisories/GHSA-5pfx-j27j-4c6h"
}
],
"source": {
"advisory": "GHSA-5pfx-j27j-4c6h",
"discovery": "UNKNOWN"
},
"title": "Unprivileged Stalwart Mail Server user can read files as root"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-35179",
"datePublished": "2024-05-15T15:55:28.261Z",
"dateReserved": "2024-05-10T14:24:24.338Z",
"dateUpdated": "2024-08-02T03:07:46.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23395 (GCVE-0-2025-23395)
Vulnerability from cvelistv5
Published
2025-05-26 15:18
Modified
2025-05-27 14:10
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-271 - Privilege Dropping / Lowering Errors
Summary
Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with `root` ownership, the invoking user's (real) group ownership and file mode 0644. All data written to the Screen PTY will be logged into this file, allowing to escalate to root privileges
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23395",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T14:10:26.175851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T14:10:29.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.openwall.com/lists/oss-security/2025/05/12/1"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.savannah.gnu.org/cgit/screen.git",
"defaultStatus": "unaffected",
"packageName": "screen",
"versions": [
{
"lessThanOrEqual": "5.0.0",
"status": "affected",
"version": "5.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthias Gerstner, SUSE"
}
],
"datePublic": "2025-05-12T15:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eScreen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with `root` ownership, the invoking user\u0027s (real) group ownership and file mode 0644. All data written to the Screen PTY will be logged into this file, allowing to escalate to root privileges\u003c/div\u003e"
}
],
"value": "Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with `root` ownership, the invoking user\u0027s (real) group ownership and file mode 0644. All data written to the Screen PTY will be logged into this file, allowing to escalate to root privileges"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-271",
"description": "CWE-271: Privilege Dropping / Lowering Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-26T15:18:46.694Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23395"
},
{
"url": "https://www.openwall.com/lists/oss-security/2025/05/12/1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local root exploit via `logfile_reopen()` in screen 5.0.0 with setuid-root bit set",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-23395",
"datePublished": "2025-05-26T15:18:46.694Z",
"dateReserved": "2025-01-15T12:39:03.324Z",
"dateUpdated": "2025-05-27T14:10:29.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53819 (GCVE-0-2025-53819)
Vulnerability from cvelistv5
Published
2025-07-14 20:42
Modified
2025-07-15 19:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-271 - Privilege Dropping / Lowering Errors
Summary
Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-15T13:55:22.262473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T19:50:28.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nix",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "= 2.30.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-271",
"description": "CWE-271: Privilege Dropping / Lowering Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T20:42:12.818Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/nix/security/advisories/GHSA-qc7j-jgf3-qmhg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/nix/security/advisories/GHSA-qc7j-jgf3-qmhg"
},
{
"name": "https://github.com/NixOS/nix/pull/13281",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nix/pull/13281"
},
{
"name": "https://github.com/NixOS/nix/pull/13455",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nix/pull/13455"
},
{
"name": "https://github.com/NixOS/nix/commit/e2ef2cfcbc83ea01308ee64c38a58707ab23dec3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nix/commit/e2ef2cfcbc83ea01308ee64c38a58707ab23dec3"
}
],
"source": {
"advisory": "GHSA-qc7j-jgf3-qmhg",
"discovery": "UNKNOWN"
},
"title": "Nix\u0027s privilege dropping to build user broke for macOS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53819",
"datePublished": "2025-07-14T20:42:12.818Z",
"dateReserved": "2025-07-09T14:14:52.529Z",
"dateUpdated": "2025-07-15T19:50:28.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-46
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-49
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
No CAPEC attack patterns related to this CWE.