CWE-276
AllowedIncorrect Default Permissions
Abstraction: Base · Status: Draft
During installation, installed file permissions are set to allow anyone to modify those files.
2035 vulnerabilities reference this CWE, most recent first.
GHSA-6M39-WW2W-WPFG
Vulnerability from github – Published: 2023-07-27 21:30 – Updated: 2024-04-04 06:24TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password).
{
"affected": [],
"aliases": [
"CVE-2023-33745"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-27T21:15:13Z",
"severity": "CRITICAL"
},
"details": "TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password).",
"id": "GHSA-6m39-ww2w-wpfg",
"modified": "2024-04-04T06:24:32Z",
"published": "2023-07-27T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33745"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/173764/RoomCast-TA-2400-Cleartext-Private-Key-Improper-Access-Control.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6M9F-PJ6W-W87G
Vulnerability from github – Published: 2023-04-24 22:34 – Updated: 2025-05-27 14:46Impact
A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster.
When the Webhook is operating in a degraded state, it no longer validates any resources, which may result in severe privilege escalations and data corruption.
The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.
The command below can be executed on the local cluster to determine whether the cluster is affected by this issue:
$ kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io rancher.cattle.io
NAME WEBHOOKS AGE
rancher.cattle.io 0 19h
If the resulting webhook quantity is 0, the Rancher instance is affected.
Patches
Patched versions include release 2.7.3 and later versions.
Workarounds
If you are affected and cannot update to a patched Rancher version, the recommended workaround is to manually reconfigure the Webhook with the script below. Please note that the script must be run from inside the local cluster or with a kubeconfig pointing to the local cluster which has admin permissions.
#!/bin/bash
set -euo pipefail
function prereqs() {
if ! [ -x "$(command -v kubectl)" ]; then
echo "error: kubectl is not installed." >&2
exit 1
fi
if [[ -z "$(kubectl config view -o jsonpath='{.clusters[].cluster.server}')" ]]; then
echo "error: No kubernetes cluster found on kubeconfig." >&2
exit 1
fi
}
function restart_deployment(){
kubectl rollout restart deployment rancher-webhook -n cattle-system
kubectl rollout status deployment rancher-webhook -n cattle-system --timeout=30s
}
function workaround() {
echo "Cluster: $(kubectl config view -o jsonpath='{.clusters[].cluster.server}')"
if ! kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io rancher.cattle.io > /dev/null 2>&1; then
echo "webhook rancher.cattle.io not found, restarting deployment:"
restart_deployment
echo "waiting for webhook configuration"
sleep 15s
fi
local -i webhooks
webhooks="$(kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io rancher.cattle.io --no-headers | awk '{ print $2 }')"
if [ "${webhooks}" == "0" ]; then
echo "Webhook misconfiguration status: Cluster is affected by CVE-2023-22651"
echo "Running workaround:"
kubectl delete validatingwebhookconfiguration rancher.cattle.io
restart_deployment
ret=$?
if [ $ret -eq 0 ]; then
echo "Webhook restored, CVE-2023-22651 is fixed"
else
echo "error trying to restart deployment. try again in a few seconds."
fi
else
echo "Webhook misconfiguration status: not present (skipping)"
fi
echo "Done"
}
function main() {
prereqs
workaround
}
main
References
- https://github.com/rancher/webhook/pull/216/commits/a4a498613b43a3ee93c5ab06742a3bc8adace45d
For more information
If you have any questions or comments about this advisory:
- Reach out to the SUSE Rancher Security team for security related inquiries.
- Open an issue in the Rancher repository.
- Verify our support matrix and product support lifecycle.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.2"
},
{
"fixed": "2.7.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.2"
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0-20220922131902-ec6d6d3a7616"
},
{
"fixed": "0.0.0-20230424183121-6d9a175954c6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-22651"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-276"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-24T22:34:59Z",
"nvd_published_at": "2023-05-04T08:15:22Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nA failure in the update logic of Rancher\u0027s admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster.\n\nWhen the Webhook is operating in a degraded state, it no longer validates any resources, which may result in severe privilege escalations and data corruption.\n\nThe issue only affects users that upgrade from `2.6.x` or `2.7.x` to `2.7.2`. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.\n\nThe command below can be executed on the `local` cluster to determine whether the cluster is affected by this issue:\n\n```sh\n$ kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io rancher.cattle.io\n\nNAME WEBHOOKS AGE\nrancher.cattle.io 0 19h\n```\n\nIf the resulting webhook quantity is `0`, the Rancher instance is affected.\n\n### Patches\n\nPatched versions include release `2.7.3` and later versions.\n\n### Workarounds\n\nIf you are affected and cannot update to a patched Rancher version, the recommended workaround is to manually reconfigure the Webhook with the script below. Please note that the script must be run from inside the `local` cluster or with a kubeconfig pointing to the `local` cluster which has admin permissions.\n\n```yaml\n#!/bin/bash\n\nset -euo pipefail\n\nfunction prereqs() {\n if ! [ -x \"$(command -v kubectl)\" ]; then\n echo \"error: kubectl is not installed.\" \u003e\u00262\n exit 1\n fi\n\n if [[ -z \"$(kubectl config view -o jsonpath=\u0027{.clusters[].cluster.server}\u0027)\" ]]; then\n echo \"error: No kubernetes cluster found on kubeconfig.\" \u003e\u00262\n exit 1\n fi\n}\n\nfunction restart_deployment(){\n kubectl rollout restart deployment rancher-webhook -n cattle-system\n kubectl rollout status deployment rancher-webhook -n cattle-system --timeout=30s\n}\n\nfunction workaround() {\n echo \"Cluster: $(kubectl config view -o jsonpath=\u0027{.clusters[].cluster.server}\u0027)\"\n\n if ! kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io rancher.cattle.io \u003e /dev/null 2\u003e\u00261; then\n echo \"webhook rancher.cattle.io not found, restarting deployment:\"\n restart_deployment\n\n echo \"waiting for webhook configuration\"\n sleep 15s\n fi\n\n local -i webhooks\n webhooks=\"$(kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io rancher.cattle.io --no-headers | awk \u0027{ print $2 }\u0027)\"\n\n if [ \"${webhooks}\" == \"0\" ]; then\n echo \"Webhook misconfiguration status: Cluster is affected by CVE-2023-22651\"\n \n echo \"Running workaround:\"\n kubectl delete validatingwebhookconfiguration rancher.cattle.io\n restart_deployment\n\n ret=$?\n if [ $ret -eq 0 ]; then\n echo \"Webhook restored, CVE-2023-22651 is fixed\"\n else\n echo \"error trying to restart deployment. try again in a few seconds.\"\n fi\n else\n echo \"Webhook misconfiguration status: not present (skipping)\"\n fi\n\n echo \"Done\"\n}\n\nfunction main() {\n prereqs\n workaround\n}\n\nmain\n```\n\n### References\n- https://github.com/rancher/webhook/pull/216/commits/a4a498613b43a3ee93c5ab06742a3bc8adace45d\n\n### For more information\nIf you have any questions or comments about this advisory:\n\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n- Verify our [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).",
"id": "GHSA-6m9f-pj6w-w87g",
"modified": "2025-05-27T14:46:00Z",
"published": "2023-04-24T22:34:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-6m9f-pj6w-w87g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22651"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22651"
},
{
"type": "PACKAGE",
"url": "https://github.com/rancher/rancher"
},
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/releases/tag/v2.7.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Rancher Webhook is misconfigured during upgrade process"
}
GHSA-6P4R-8Q8W-PC2G
Vulnerability from github – Published: 2025-07-28 18:31 – Updated: 2025-07-28 18:31In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
{
"affected": [],
"aliases": [
"CVE-2025-54530"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-28T17:15:32Z",
"severity": "HIGH"
},
"details": "In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions",
"id": "GHSA-6p4r-8q8w-pc2g",
"modified": "2025-07-28T18:31:28Z",
"published": "2025-07-28T18:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54530"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6P8Q-94VC-WGP9
Vulnerability from github – Published: 2025-01-07 00:31 – Updated: 2025-01-07 18:30An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell.
{
"affected": [],
"aliases": [
"CVE-2021-27285"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-06T22:15:07Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell.",
"id": "GHSA-6p8q-94vc-wgp9",
"modified": "2025-01-07T18:30:48Z",
"published": "2025-01-07T00:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27285"
},
{
"type": "WEB",
"url": "https://github.com/fjh1997/CVE-2021-27285"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6P8V-8CQ8-V2R3
Vulnerability from github – Published: 2022-05-24 21:14 – Updated: 2022-05-24 21:14Impact
Users with host file system access on a node and the privileges to run as group ID 1000 can gain access to the per node API of Cilium via Unix domain socket on the host where Cilium is running. If a malicious user is able to gain unprivileged access to a user corresponding to this group, then they can leverage this access to compromise the integrity as well as system availability on that host. Operating Systems that have unprivileged users not belonging the group ID 1000 are not affected by this vulnerability.
Best practices for managing the secure deployment of Kubernetes clusters will typically limit the ability for a malicious user to deploy pods with access to this group or to access the host filesystem, and limit user access to the nodes for users belonging to this group. These best practices include (but are not limited to) enforcing Admission Control policies to limit the configuration of Kubernetes Pod hostPath and SecurityContext fields.
Patches
Cilium versions >=1.9.16, >=1.10.11, >=1.11.5 mitigate this issue by setting the default group to 0 (root).
Workarounds
Prevent Cilium from running with group 1000 by modifying Cilium's DaemonSet to run with the following command:
containers:
- name: cilium-agent
args:
- -c
- "groupdel cilium && cilium-agent --config-dir=/tmp/cilium/config-map"
command:
- bash
instead of
containers:
- name: cilium-agent
args:
- --config-dir=/tmp/cilium/config-map
command:
- cilium-agent
Acknowledgements
The Cilium community has worked together with members of Isovalent and Form 3 to prepare these mitigations. Special thanks to Daniel Iziourov and Daniel Teixeira for their cooperation.
For more information
If you have any questions or comments about this advisory: * Email us at security@cilium.io
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cilium/cilium"
},
"ranges": [
{
"events": [
{
"introduced": "1.11.0"
},
{
"fixed": "1.11.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/cilium/cilium"
},
"ranges": [
{
"events": [
{
"introduced": "1.10.0"
},
{
"fixed": "1.10.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/cilium/cilium"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.16"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-29178"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-24T21:14:41Z",
"nvd_published_at": "2022-05-20T19:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nUsers with host file system access on a node and the privileges to run as group ID 1000 can gain access to the per node API of Cilium via Unix domain socket on the host where Cilium is running. If a malicious user is able to gain unprivileged access to a user corresponding to this group, then they can leverage this access to compromise the integrity as well as system availability on that host. Operating Systems that have unprivileged users **not** belonging the group ID 1000 are **not** affected by this vulnerability.\n\nBest practices for managing the secure deployment of Kubernetes clusters will typically limit the ability for a malicious user to deploy pods with access to this group or to access the host filesystem, and limit user access to the nodes for users belonging to this group. These best practices include (but are not limited to) enforcing Admission Control policies to limit the configuration of Kubernetes Pod [hostPath](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) and [SecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) fields.\n\n### Patches\n\nCilium versions \u003e=1.9.16, \u003e=1.10.11, \u003e=1.11.5 mitigate this issue by setting the default group to 0 (root).\n\n### Workarounds\n\nPrevent Cilium from running with group 1000 by modifying Cilium\u0027s DaemonSet to run with the following command:\n\n```yaml\n containers:\n - name: cilium-agent\n args:\n - -c\n - \"groupdel cilium \u0026\u0026 cilium-agent --config-dir=/tmp/cilium/config-map\"\n command:\n - bash\n```\ninstead of\n```yaml\n containers:\n - name: cilium-agent\n args:\n - --config-dir=/tmp/cilium/config-map\n command:\n - cilium-agent\n```\n\n### Acknowledgements\n\nThe Cilium community has worked together with members of Isovalent and Form 3 to prepare these mitigations. Special thanks to Daniel Iziourov and Daniel Teixeira for their cooperation.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [security@cilium.io](mailto:security@cilium.io)\n",
"id": "GHSA-6p8v-8cq8-v2r3",
"modified": "2022-05-24T21:14:41Z",
"published": "2022-05-24T21:14:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-6p8v-8cq8-v2r3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29178"
},
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/releases/tag/v1.10.11"
},
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/releases/tag/v1.11.5"
},
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/releases/tag/v1.9.16"
},
{
"type": "PACKAGE",
"url": "github.com/cilium/cilium"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Access to Unix domain socket can lead to privileges escalation in Cilium"
}
GHSA-6P96-58PG-P58H
Vulnerability from github – Published: 2024-12-12 03:33 – Updated: 2025-11-04 00:32A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges.
{
"affected": [],
"aliases": [
"CVE-2024-44224"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-12T02:15:23Z",
"severity": "HIGH"
},
"details": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges.",
"id": "GHSA-6p96-58pg-p58h",
"modified": "2025-11-04T00:32:10Z",
"published": "2024-12-12T03:33:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44224"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121839"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121840"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121842"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Dec/7"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Dec/8"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Dec/9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6PQ8-9HCX-5R62
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2022-05-24 17:07A privilege escalation vulnerability in Wowza Streaming Engine 4.7.7 and 4.7.8 allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/* core program files. By injecting a payload into one of those files, it will run with the same privileges as the Wowza server, root. For example, /usr/local/WowzaStreamingEngine/bin/tune.sh could be replaced with a Trojan horse.
{
"affected": [],
"aliases": [
"CVE-2019-7656"
],
"database_specific": {
"cwe_ids": [
"CWE-276",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-29T16:15:00Z",
"severity": "HIGH"
},
"details": "A privilege escalation vulnerability in Wowza Streaming Engine 4.7.7 and 4.7.8 allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/* core program files. By injecting a payload into one of those files, it will run with the same privileges as the Wowza server, root. For example, /usr/local/WowzaStreamingEngine/bin/tune.sh could be replaced with a Trojan horse.",
"id": "GHSA-6pq8-9hcx-5r62",
"modified": "2022-05-24T17:07:40Z",
"published": "2022-05-24T17:07:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7656"
},
{
"type": "WEB",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7656-PrivEscal-Wowza"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2019-7656.txt"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-7656.txt"
},
{
"type": "WEB",
"url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes"
},
{
"type": "WEB",
"url": "https://www.wowza.com/pricing/installer"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6Q23-JQ3M-97MQ
Vulnerability from github – Published: 2024-03-14 18:30 – Updated: 2025-11-04 18:30Incorrect default permissions in some Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2023-28389"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-14T17:15:50Z",
"severity": "MODERATE"
},
"details": "Incorrect default permissions in some Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GHSA-6q23-jq3m-97mq",
"modified": "2025-11-04T18:30:45Z",
"published": "2024-03-14T18:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28389"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240912-0004"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00923.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6QFQ-9M7H-9WWM
Vulnerability from github – Published: 2023-03-15 21:30 – Updated: 2023-03-19 06:30IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953.
{
"affected": [],
"aliases": [
"CVE-2022-46774"
],
"database_specific": {
"cwe_ids": [
"CWE-276",
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-15T19:15:00Z",
"severity": "MODERATE"
},
"details": "IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953.",
"id": "GHSA-6qfq-9m7h-9wwm",
"modified": "2023-03-19T06:30:24Z",
"published": "2023-03-15T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46774"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/242953"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6962455"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6RJ9-HCV7-94R5
Vulnerability from github – Published: 2023-06-28 15:30 – Updated: 2023-06-28 15:30A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.
{
"affected": [],
"aliases": [
"CVE-2023-20178"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-28T15:15:09Z",
"severity": "HIGH"
},
"details": "A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.",
"id": "GHSA-6rj9-hcv7-94r5",
"modified": "2023-06-28T15:30:23Z",
"published": "2023-06-28T15:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20178"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.