CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CVE-2023-46771 (GCVE-0-2023-46771)
Vulnerability from cvelistv5 – Published: 2023-11-08 09:03 – Updated: 2024-09-04 19:01
CWE-269 - Improper Privilege Management
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://consumer.huawei.com/en/support/bulletin/2023/11/"
},
{
"tags": [
"x_transferred"
],
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:huawei:harmonyos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "harmonyos",
"vendor": "huawei",
"versions": [
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:huawei:emui:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emui",
"vendor": "huawei",
"versions": [
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46771",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T18:56:55.647199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T19:01:40.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-08T09:03:34.784Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2023-46771",
"datePublished": "2023-11-08T09:03:34.784Z",
"dateReserved": "2023-10-26T11:33:04.519Z",
"dateUpdated": "2024-09-04T19:01:40.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4697 (GCVE-0-2023-4697)
Vulnerability from cvelistv5 – Published: 2023-09-01 00:00 – Updated: 2024-10-01 13:13
CWE-269 - Improper Privilege Management
| Vendor | Product | Version | |
|---|---|---|---|
| usememos | usememos/memos | Affected: unspecified , < 0.13.2 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:37:59.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3ff3325a-1dcb-4da7-894d-81a9cf726d81"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4697",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T13:12:56.315418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T13:13:06.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "usememos/memos",
"vendor": "usememos",
"versions": [
{
"lessThan": "0.13.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-01T00:00:20.740Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3ff3325a-1dcb-4da7-894d-81a9cf726d81"
},
{
"url": "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd"
}
],
"source": {
"advisory": "3ff3325a-1dcb-4da7-894d-81a9cf726d81",
"discovery": "EXTERNAL"
},
"title": "Improper Privilege Management in usememos/memos"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4697",
"datePublished": "2023-09-01T00:00:20.740Z",
"dateReserved": "2023-09-01T00:00:08.046Z",
"dateUpdated": "2024-10-01T13:13:06.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47611 (GCVE-0-2023-47611)
Vulnerability from cvelistv5 – Published: 2023-11-10 16:38 – Updated: 2024-08-02 21:09
CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://ics-cert.kaspersky.com/advisories/2023/11… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Telit Cinterion | BGS5 | Affected: * , < 2.000 ARN 01.001.08 (custom) | |
| Telit Cinterion | EHS5-E | Affected: * , < 4.013 ARN 01.000.06 (custom) | |
| Telit Cinterion | EHS5-US | Affected: * , < 4.000 (custom) | |
| Telit Cinterion | EHS5-US Rel.4 | Affected: * , < 4.013 ARN 01.000.06 (custom) | |
| Telit Cinterion | EHS6 | Affected: * , < 2.000 (custom) | |
| Telit Cinterion | EHS6 Rel.2 | Affected: * , < 2.000 ARN 00.000.20 (custom) | |
| Telit Cinterion | EHS6 Rel.3 | Affected: * , < 3.001 ARN 00.000.49 (custom) | |
| Telit Cinterion | EHS6 Rel.4 | Affected: * , < 4.013 ARN 01.000.06 (custom) | |
| Telit Cinterion | EHS6-A Rel.4 | Affected: * , < 4.013 ARN 01.000.06 (custom) | |
| Telit Cinterion | EHS8 | Affected: * , < 3.011 ARN 00.000.60 (custom) | |
| Telit Cinterion | EHS8 Rel.4 | Affected: * , < 4.013 ARN 01.000.06 (custom) | |
| Telit Cinterion | ELS61-AUS | Affected: * , < 1.000 (custom) | |
| Telit Cinterion | ELS61-AUS Rel.1 | Affected: * , < 1.004 ARN 00.003.01 (custom) | |
| Telit Cinterion | ELS61-AUS Rel.1 MR | Affected: * , < 1.005 ARN 00.005.01 (custom) | |
| Telit Cinterion | ELS61-E | Affected: * , < 1.000 (custom) | |
| Telit Cinterion | ELS61-E Rel.1 | Affected: * , < 1.000 ARN 00.030.01 (custom) | |
| Telit Cinterion | ELS61-E Rel.1 MR | Affected: * , < 1.000 ARN 00.032.02 (custom) | |
| Telit Cinterion | ELS61-E Rel.2 | Affected: * , < 2.000 ARN 01.000.03 (custom) | |
| Telit Cinterion | ELS61-E Rel.2 | Affected: * , < 2.000 ARN 01.000.03 (custom) | |
| Telit Cinterion | ELS61-E2 Rel.1 | Affected: * , < 1.000 ARN 00.026.01 (custom) | |
| Telit Cinterion | ELS61-E2 Rel.1 MR | Affected: * , < 1.000 ARN 00.032.02 (custom) | |
| Telit Cinterion | ELS61-US Rel.1 MR | Affected: * , < 1.01 ARN 00.028.01 (custom) | |
| Telit Cinterion | ELS61-US Rel.2 | Affected: * , < 2.012 ARN 01.000.05 (custom) | |
| Telit Cinterion | ELS81-E | Affected: * , < 4.000 (custom) | |
| Telit Cinterion | ELS81-E Rel.1 | Affected: * , < 4.000 ARN 01.000.05 (custom) | |
| Telit Cinterion | ELS81-E Rel.1.1 | Affected: * , < 5.001 ARN 01.000.04 (custom) | |
| Telit Cinterion | ELS81-US | Affected: * , < 5.012 (custom) | |
| Telit Cinterion | ELS81-US Rel.1.1 | Affected: * , < 5.012 ARN 01.000.05 (custom) | |
| Telit Cinterion | PDS5-E | Affected: * , < 3.001 (custom) | |
| Telit Cinterion | PDS5-E Rel.1 | Affected: * , < 3.001 ARN 00.000.32 (custom) | |
| Telit Cinterion | PDS5-E Rel.4 | Affected: * , < 4.013 ARN 01.000.06 (custom) | |
| Telit Cinterion | PDS5-US | | |
| Telit Cinterion | PDS6 | | |
| Telit Cinterion | PDS8 | | |
| Telit Cinterion | PLS62-W | Affected: * , < 2.01 (custom) | |
| Telit Cinterion | PLS62-W Rel.1 | Affected: * , < 2.01 ARN 01.000.05 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "KLCERT-22-216: Telit Cinterion (Thales/Gemalto) modules. Improper Privilege Management vulnerability",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BGS5",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 01.001.08",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS5-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS5-US",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS5-US Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6 Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 00.000.20",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6 Rel.3",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.001 ARN 00.000.49",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6 Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6-A Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS8",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.011 ARN 00.000.60",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS8 Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-AUS",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-AUS Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.004 ARN 00.003.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-AUS Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.005 ARN 00.005.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.030.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.032.02",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 01.000.03",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 01.000.03",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E2 Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.026.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E2 Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.032.02",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-US Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.01 ARN 00.028.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-US Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.012 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-E Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.000 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-E Rel.1.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "5.001 ARN 01.000.04",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-US",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "5.012",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-US Rel.1.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "5.012 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PDS5-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.001",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PDS5-E Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.001 ARN 00.000.32",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PDS5-E Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "PDS5-US",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "unaffected",
"product": "PLS62-W",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PLS62-W Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.01 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexander Kozlov from Kaspersky"
},
{
"lang": "en",
"type": "finder",
"value": "Sergey Anufrienko from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to \"manufacturer\" level on the targeted system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-10T16:38:54.668Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "KLCERT-22-216: Telit Cinterion (Thales/Gemalto) modules. Improper Privilege Management vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/"
}
],
"solutions": [
{
"lang": "en",
"value": "Telit Cinterion has released firmware updates to fix the issue. Contact Telit Cinterion for assistance."
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-21T12:45:00.000Z",
"value": "Issue discovered by Kaspersky ICS CERT"
},
{
"lang": "en",
"time": "2023-04-27T15:56:00.000Z",
"value": "Confirmed by Telit Cinterion"
}
],
"workarounds": [
{
"lang": "en",
"value": "Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device."
},
{
"lang": "en",
"value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-47611",
"datePublished": "2023-11-10T16:38:54.668Z",
"dateReserved": "2023-11-07T10:06:48.689Z",
"dateUpdated": "2024-08-02T21:09:37.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47629 (GCVE-0-2023-47629)
Vulnerability from cvelistv5 – Published: 2023-11-14 00:32 – Updated: 2024-09-03 14:41
CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://github.com/datahub-project/datahub/securi… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| datahub-project | datahub | Affected: < 0.12.1 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:42.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-vj59-23ww-p6c8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-vj59-23ww-p6c8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47629",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T14:40:48.214039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T14:41:13.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the default datahub user has been removed, then the user can sign up for an account that leverages the default policies giving admin privileges to the datahub user. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T00:32:12.079Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-vj59-23ww-p6c8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-vj59-23ww-p6c8"
}
],
"source": {
"advisory": "GHSA-vj59-23ww-p6c8",
"discovery": "UNKNOWN"
},
"title": "Privilege escalation through email sign-up in datahub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47629",
"datePublished": "2023-11-14T00:32:12.079Z",
"dateReserved": "2023-11-07T16:57:49.244Z",
"dateUpdated": "2024-09-03T14:41:13.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47682 (GCVE-0-2023-47682)
Vulnerability from cvelistv5 – Published: 2024-05-17 08:36 – Updated: 2026-04-28 16:08
CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/wp-… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| weDevs | WP User Frontend | Affected: n/a , ≤ 3.6.5 (custom) | |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wedevs:wp_user_frontend:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "wp_user_frontend",
"vendor": "wedevs",
"versions": [
{
"lessThanOrEqual": "3.6.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47682",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T15:59:26.356129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T12:48:31.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wp-user-frontend/wordpress-wp-user-frontend-plugin-3-6-5-authenticated-privilege-escalation-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-user-frontend",
"product": "WP User Frontend",
"vendor": "weDevs",
"versions": [
{
"changes": [
{
"at": "3.6.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.6.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation.\u003cp\u003eThis issue affects WP User Frontend: from n/a through 3.6.5.\u003c/p\u003e"
}
],
"value": "Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation.This issue affects WP User Frontend: from n/a through 3.6.5."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:50.701Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/wp-user-frontend/wordpress-wp-user-frontend-plugin-3-6-5-authenticated-privilege-escalation-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.6.6 or a higher version."
}
],
"value": "Update to 3.6.6 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WP User Frontend plugin \u003c= 3.6.5 - Authenticated Privilege Escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-47682",
"datePublished": "2024-05-17T08:36:12.682Z",
"dateReserved": "2023-11-08T16:08:15.189Z",
"dateUpdated": "2026-04-28T16:08:50.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-47683 (GCVE-0-2023-47683)
Vulnerability from cvelistv5 – Published: 2024-05-17 08:36 – Updated: 2026-04-28 16:08
CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/min… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| miniOrange | WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) | Affected: n/a , ≤ 7.6.6 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T17:19:50.548560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:43.129Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/miniorange-login-openid/wordpress-social-login-social-sharing-by-miniorange-plugin-7-6-6-authenticated-privilege-escalation-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "miniorange-login-openid",
"product": "WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)",
"vendor": "miniOrange",
"versions": [
{
"changes": [
{
"at": "7.6.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.6.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation.\u003cp\u003eThis issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.6.\u003c/p\u003e"
}
],
"value": "Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.6."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:50.695Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/miniorange-login-openid/wordpress-social-login-social-sharing-by-miniorange-plugin-7-6-6-authenticated-privilege-escalation-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 7.6.7 or a higher version."
}
],
"value": "Update to 7.6.7 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Social Login, Social Sharing by miniOrange plugin \u003c= 7.6.6 - Authenticated Privilege Escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-47683",
"datePublished": "2024-05-17T08:36:38.232Z",
"dateReserved": "2023-11-08T16:08:15.189Z",
"dateUpdated": "2026-04-28T16:08:50.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-47715 (GCVE-0-2023-47715)
Vulnerability from cvelistv5 – Published: 2024-03-21 14:10 – Updated: 2024-08-02 21:16 – CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7144861 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Storage Protect Plus Server | Affected: 10.1.0, ≤ 10.1.16 (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-21T16:35:25.921041Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:14.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7144861"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271538"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Protect Plus Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.1.16",
"status": "affected",
"version": "10.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538."
}
],
"value": "IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T01:29:13.096Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7144861"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271538"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Protect Plus Server improper access control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-47715",
"datePublished": "2024-03-21T14:10:59.446Z",
"dateReserved": "2023-11-09T11:31:13.140Z",
"dateUpdated": "2024-08-02T21:16:43.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47782 (GCVE-0-2023-47782)
Vulnerability from cvelistv5 – Published: 2024-05-17 08:37 – Updated: 2026-04-28 16:08 – CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/thr… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Thrive Themes | Thrive Theme Builder | Affected: n/a, < 3.24.0 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/thrive-theme/wordpress-thrive-theme-builder-theme-3-20-1-authenticated-privilege-escalation-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:thrivethemes:thrive_themes_builder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thrive_themes_builder",
"vendor": "thrivethemes",
"versions": [
{
"lessThan": "3.24.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47782",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T15:55:27.066333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:34:36.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Thrive Theme Builder",
"vendor": "Thrive Themes",
"versions": [
{
"changes": [
{
"at": "3.24.0",
"status": "unaffected"
}
],
"lessThan": "3.24.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation.\u003cp\u003eThis issue affects Thrive Theme Builder: from n/a before 3.24.0.\u003c/p\u003e"
}
],
"value": "Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation. This issue affects Thrive Theme Builder: from n/a before 3.24.0."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:51.889Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/thrive-theme/wordpress-thrive-theme-builder-theme-3-20-1-authenticated-privilege-escalation-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.24.0 or a higher version."
}
],
"value": "Update to 3.24.0 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Thrive Theme Builder theme \u003c 3.24.0 - Authenticated Privilege Escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-47782",
"datePublished": "2024-05-17T08:37:20.996Z",
"dateReserved": "2023-11-09T21:23:05.860Z",
"dateUpdated": "2026-04-28T16:08:51.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-47837 (GCVE-0-2023-47837)
Vulnerability from cvelistv5 – Published: 2024-06-04 10:10 – Updated: 2026-04-28 16:08 – CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/arm… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Repute Infosystems | ARMember | Affected: n/a, ≤ 4.0.10 (custom) | |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:armemberplugin:armember:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "armember",
"vendor": "armemberplugin",
"versions": [
{
"lessThanOrEqual": "4.0.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T13:13:01.753831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:39.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-10-membership-plan-bypass-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "armember-membership",
"product": "ARMember",
"vendor": "Repute Infosystems",
"versions": [
{
"changes": [
{
"at": "4.0.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.0.10",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Revan Arifio (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.\u003cp\u003eThis issue affects ARMember: from n/a through 4.0.10.\u003c/p\u003e"
}
],
"value": "Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation. This issue affects ARMember: from n/a through 4.0.10."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:52.846Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-10-membership-plan-bypass-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.0.11 or a higher version."
}
],
"value": "Update to 4.0.11 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress ARMember plugin \u003c= 4.0.10 - Membership Plan Bypass vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-47837",
"datePublished": "2024-06-04T10:10:14.075Z",
"dateReserved": "2023-11-13T00:16:57.320Z",
"dateUpdated": "2026-04-28T16:08:52.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-47868 (GCVE-0-2023-47868)
Vulnerability from cvelistv5 – Published: 2024-05-17 08:37 – Updated: 2026-04-28 16:08 – CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/wpf… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| wpForo | wpForo Forum | Affected: n/a, ≤ 2.2.3 (custom) | |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "affected",
"product": "wpforo_forum",
"vendor": "gvectors",
"versions": [
{
"lessThanOrEqual": "2.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47868",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T18:49:54.362374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T12:48:46.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-privilege-escalation-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wpforo",
"product": "wpForo Forum",
"vendor": "wpForo",
"versions": [
{
"changes": [
{
"at": "2.2.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.2.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jesse McNeil (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.\u003cp\u003eThis issue affects wpForo Forum: from n/a through 2.2.3.\u003c/p\u003e"
}
],
"value": "Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation. This issue affects wpForo Forum: from n/a through 2.2.3."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:53.395Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-privilege-escalation-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.2.4 or a higher version."
}
],
"value": "Update to 2.2.4 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress wpForo plugin \u003c= 2.2.3 - Privilege Escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-47868",
"datePublished": "2024-05-17T08:37:32.853Z",
"dateReserved": "2023-11-13T03:06:31.385Z",
"dateUpdated": "2026-04-28T16:08:53.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-48
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation ID: MIT-49
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a REST-style HTTP method (GET, PUT, DELETE) whose permissions allow them to perform various malicious actions on server data, because the application service accepting the HTTP messages lacks access control mechanisms.