CWE-2699 advisories

Improper Privilege Management

What it is

Privileges are granted or dropped incorrectly, enabling privilege escalation.

How to fix it

Upgrade and correct the privilege-assignment logic.

How to avoid it

Grant least privilege, drop privileges promptly, and audit role changes.

Known Improper Privilege Management vulnerabilities

AI-EXCESSIVE-AGENCY-2025 — high · LLM security/Excessive agency / unsafe tool use
CVE-2024-6385 — critical · CI/CD · GitLab/GitLab CE/EE
CVE-2024-21626 — high · Container/runc (OCI container runtime)
SC-PYTORCH-RUNNER-2024 — critical · CI/CD · GitHub Actions/pytorch/pytorch
WEB3-MULTICHAIN-2023 — critical · Web3 · Bridge/Multichain
CLOUD-CLOUDSQL-PRIVESC-2023 — high · Cloud · GCP/Google Cloud SQL for SQL Server
CLOUD-AZURESCAPE-2021 — critical · Cloud · Azure/Azure Container Instances (ACI)
CVE-2021-34527 — high · Windows/Windows Print Spooler · exploited
INFRA-CAPITALONE-2019 — critical · Cloud · AWS/AWS EC2 / S3 (misconfigured WAF and IAM role)

Stateward flags Improper Privilege Management in your own code and dependencies on every pull request.

Scan my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.