CVEbaza.plSłownik CWECWE-267
Common Weakness Enumeration

CWE-267

Privilege Defined With Unsafe Actions

Kategoria: BaseCVE: 64
Opis

Konkretne uprawnienie, rola, możliwość lub prawo mogą być wykorzystane do wykonywania niebezpiecznych działań, które nie były zamierzone, nawet gdy przypisane są prawidłowej jednostce. Stanowi zagrożenie bezpieczeństwa, gdy przyznane uprawnienia umożliwiają wykonanie niezamierzonych operacji.

Description (EN)

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

Podatności CVE z CWE-267 (64)
9.9
CVSS
CRITICAL
CVE-2023-22647

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.

pub. 2023-06-01
9.8
CVSS
CRITICAL
CVE-2026-29646

W emulatorze OpenXiangShan NEMU z włączonym rozszerzeniem RVH (RISC-V Hypervisor) zapis do rejestru CSR sie z poziomu gościa VS-mode może nieprawidłowo wpłynąć na stan rejestru mie na poziomie maszynowym. Przełamuje to granice izolacji uprawnień i wirtualizacji, co jest szczególnie groźne w środowiskach wykorzystujących NEMU do prawidłowej wirtualizacji przerwań.

pub. 2026-04-20
9.4
CVSS
CRITICAL
CVE-2026-9560

Podatność w usłudze działającej w tle aplikacji OpenVPN Connect na macOS umożliwia lokalnym atakującym wykonanie dowolnych poleceń z podwyższonymi uprawnieniami. Ze względu na krytyczny poziom CVSS (9.4) i możliwość przejęcia pełnej kontroli nad systemem stanowi poważne zagrożenie dla stacji roboczych korzystających z tego klienta VPN.

pub. 2026-05-26
9.1
CVSS
CRITICAL
CVE-2021-44547

A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation.

pub. 2023-04-25
8.8
CVSS
HIGH
CVE-2026-27314

Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY. Users are recommended to upgrade to version 5.0.7+, which fixes this issue.

pub. 2026-04-07
8.8
CVSS
HIGH
CVE-2025-14349

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.

pub. 2026-02-13
8.8
CVSS
HIGH
CVE-2026-0945

Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0.

pub. 2026-02-04
8.8
CVSS
HIGH
CVE-2025-26467

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra 3.0.30, 3.11.17, 4.0.16, 4.1.7, 5.0.2, but this advisory is only for 4.0.16 because the fix to CVE-2025-23015 was incorrectly applied to 4.0.16, so that version is still affected. Users in the 4.0 series are recommended to upgrade to version 4.0.17 which fixes the issue. Users from 3.0, 3.11, 4.1 and 5.0 series should follow recommendation from CVE-2025-23015.

pub. 2025-08-25
8.8
CVSS
HIGH
CVE-2025-23015

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.

pub. 2025-02-04
8.8
CVSS
HIGH
CVE-2024-55968

An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC interprocess communication (IPC). Specifically, the service does not verify the code requirements, entitlements, security flags, or version of any client attempting to establish a connection. This lack of proper logic validation allows malicious actors to exploit the service's methods via unauthorized client connections, and escalate privileges to root by abusing the DTConnectionHelperProtocol protocol's submitQuery method over an unauthorized XPC connection.

pub. 2025-01-28
8.8
CVSS
HIGH
CVE-2023-44218

A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.

pub. 2023-10-03
8.8
CVSS
HIGH
CVE-2023-2983

Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.

pub. 2023-05-30
8.8
CVSS
HIGH
CVE-2021-32739

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-ony user's credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). A ticket, the master node's certificate, and a self-signed certificate are enough to successfully request the desired certificate from Icinga. That certificate may in turn be used to steal an endpoint or API user's identity. Versions 2.12.5 and 2.11.10 both contain a fix the vulnerability. As a workaround, one may either specify queryable types explicitly or filter out ApiListener objects.

pub. 2021-07-15
8.8
CVSS
HIGH
CVE-2020-29396

A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.

pub. 2020-12-22
8.7
CVSS
HIGH
CVE-2024-39866

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges.

pub. 2024-07-09
8.7
CVSS
HIGH
CVE-2023-43746

When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system.  A successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

pub. 2023-10-10
8.7
CVSS
HIGH
CVE-2021-23166

A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.

pub. 2023-04-25
8.7
CVSS
HIGH
CVE-2021-23186

A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system.

pub. 2023-04-25
8.5
CVSS
HIGH
CVE-2026-42406

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands.     Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

pub. 2026-05-13
8.5
CVSS
HIGH
CVE-2026-23526

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, including giving themselves superuser status and joining the admin group, which gives them full access to the data in the CVAT instance. Version 2.55.0 fixes the issue. As a workaround, review the list of users with staff status and revoke it from any users that are not expected to have superuser privileges.

pub. 2026-01-21
Pokazano 20 z 64 podatności
Informacje
ID: CWE-267
Typ: Base
Podatności: 64
MITRE CWE ↗
← Słownik CWE