Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1913 vulnerabilities reference this CWE, most recent first.

GHSA-2HFM-WH8P-MFQM

Vulnerability from github – Published: 2026-02-08 03:30 – Updated: 2026-02-08 03:30
VLAI
Details

A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translation Handler. The manipulation results in improper authorization. The attack can be launched remotely. Upgrading to version 8.19 is sufficient to fix this issue. The patch is identified as f244a43771f6ebf40218b83b9f46dba6b940d7de. It is suggested to upgrade the affected component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-2209"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-08T02:15:57Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translation Handler. The manipulation results in improper authorization. The attack can be launched remotely. Upgrading to version 8.19 is sufficient to fix this issue. The patch is identified as f244a43771f6ebf40218b83b9f46dba6b940d7de. It is suggested to upgrade the affected component.",
  "id": "GHSA-2hfm-wh8p-mfqm",
  "modified": "2026-02-08T03:30:27Z",
  "published": "2026-02-08T03:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2209"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wekan/wekan/commit/f244a43771f6ebf40218b83b9f46dba6b940d7de"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wekan/wekan"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wekan/wekan/releases/tag/v8.19"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.344923"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.344923"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.752269"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2HP6-4VGR-WVJW

Vulnerability from github – Published: 2024-09-11 06:30 – Updated: 2024-09-11 06:30
VLAI
Details

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8253"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-11T04:15:05Z",
    "severity": "HIGH"
  },
  "details": "The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator.",
  "id": "GHSA-2hp6-4vgr-wvjw",
  "modified": "2024-09-11T06:30:39Z",
  "published": "2024-09-11T06:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8253"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/post-grid/trunk/includes/blocks/form-wrap/functions.php#L3032"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3130155/post-grid/tags/2.2.87/includes/blocks/form-wrap/functions.php"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3146752/post-grid/tags/2.2.91/includes/blocks/form-wrap/functions.php"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5f18cae-b7f8-4afd-adfa-c616c63f9419?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2HRX-XX6V-C3V2

Vulnerability from github – Published: 2024-08-08 18:31 – Updated: 2025-10-01 03:30
VLAI
Details

An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7480"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-08T16:15:09Z",
    "severity": "MODERATE"
  },
  "details": "An\u00a0Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system.\u00a0Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.",
  "id": "GHSA-2hrx-xx6v-c3v2",
  "modified": "2025-10-01T03:30:26Z",
  "published": "2024-08-08T18:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7480"
    },
    {
      "type": "WEB",
      "url": "https://download.avaya.com/css/public/documents/101091159"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2J2W-6VXV-4P23

Vulnerability from github – Published: 2025-07-26 09:31 – Updated: 2025-07-26 09:31
VLAI
Details

A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8181"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-26T07:15:26Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.",
  "id": "GHSA-2j2w-6vxv-4p23",
  "modified": "2025-07-26T09:31:56Z",
  "published": "2025-07-26T09:31:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8181"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.317595"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.317595"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.621966"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.621968"
    },
    {
      "type": "WEB",
      "url": "https://www.notion.so/23a54a1113e780c08f3acca6a746d732"
    },
    {
      "type": "WEB",
      "url": "https://www.totolink.net"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2J3R-X22C-HQX9

Vulnerability from github – Published: 2025-10-31 00:30 – Updated: 2025-11-06 18:32
VLAI
Details

Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user (or the backend shell user) to escalate to root on the host.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-58273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-30T22:15:46Z",
    "severity": "HIGH"
  },
  "details": "Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows\u00a0an attacker who could execute commands as the Apache web user (or the backend shell user) to escalate to root on the host.",
  "id": "GHSA-2j3r-x22c-hqx9",
  "modified": "2025-11-06T18:32:48Z",
  "published": "2025-10-31T00:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58273"
    },
    {
      "type": "WEB",
      "url": "https://www.nagios.com/changelog/#log-server-2024R1"
    },
    {
      "type": "WEB",
      "url": "https://www.nagios.com/products/security/#log-server"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/nagios-log-server-lpe-from-apache-backend-shell-user-to-root"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2J6V-89GR-9CRM

Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-01-13 18:31
VLAI
Details

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20852"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-13T18:16:13Z",
    "severity": "HIGH"
  },
  "details": "Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.",
  "id": "GHSA-2j6v-89gr-9crm",
  "modified": "2026-01-13T18:31:09Z",
  "published": "2026-01-13T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20852"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20852"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2JP3-2VFH-535W

Vulnerability from github – Published: 2024-12-31 15:30 – Updated: 2026-04-01 18:32
VLAI
Details

Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS allows Privilege Escalation.This issue affects WPLMS: from n/a through 1.9.9.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-31T14:15:24Z",
    "severity": "CRITICAL"
  },
  "details": "Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS allows Privilege Escalation.This issue affects WPLMS: from n/a through 1.9.9.",
  "id": "GHSA-2jp3-2vfh-535w",
  "modified": "2026-04-01T18:32:54Z",
  "published": "2024-12-31T15:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56043"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/wplms_plugin/vulnerability/wordpress-wplms-plugin-1-9-9-unauthenticated-privilege-escalation-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-unauthenticated-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2JQP-6HX7-PHH8

Vulnerability from github – Published: 2026-05-02 15:30 – Updated: 2026-05-02 15:30
VLAI
Details

A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-7644"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-02T15:16:14Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
  "id": "GHSA-2jqp-6hx7-phh8",
  "modified": "2026-05-02T15:30:27Z",
  "published": "2026-05-02T15:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7644"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ChatGPTNextWeb/NextChat/issues/6757"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ChatGPTNextWeb/NextChat"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/806851"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/360756"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/360756/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2M3C-QQ7F-8PPQ

Vulnerability from github – Published: 2025-01-09 03:30 – Updated: 2025-01-09 03:30
VLAI
Details

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-13200"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-09T03:15:23Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-2m3c-qq7f-8ppq",
  "modified": "2025-01-09T03:30:49Z",
  "published": "2025-01-09T03:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13200"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wander-chu/SpringBoot-Blog/issues/4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wander-chu/SpringBoot-Blog/issues/4#issue-2761636207"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.290793"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.290793"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.470902"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2M47-WRP6-46M6

Vulnerability from github – Published: 2026-06-09 03:31 – Updated: 2026-06-09 03:31
VLAI
Details

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 23.0.3 is sufficient to resolve this issue. The identifier of the patch is f1b2dd6481e22cacb561d29ffdcd3a50b618479d. Upgrading the affected component is advised.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-11619"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T03:16:25Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 23.0.3 is sufficient to resolve this issue. The identifier of the patch is f1b2dd6481e22cacb561d29ffdcd3a50b618479d. Upgrading the affected component is advised.",
  "id": "GHSA-2m47-wrp6-46m6",
  "modified": "2026-06-09T03:31:40Z",
  "published": "2026-06-09T03:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11619"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dolibarr/dolibarr/commit/f1b2dd6481e22cacb561d29ffdcd3a50b618479d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Dolibarr/dolibarr/releases/tag/23.0.3"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/cve/CVE-2026-11619"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/834038"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/369300"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/369300/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.