Privilege Context Switching Error

CWE-270

Overtime trend (NVD)

CVSS severity (NVD, All Time)

Per technology (GHSA, All time)

90%-Maven
10%-Pip

Short description

The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

Best practices to prevent this CWE

Phase: Architecture and Design; Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Phase: Architecture and Design; Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

Phase: Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

Recently published CVEs

CVE-2024-36513
CVE-2024-51987
CVE-2024-47173
CVE-2024-37294
CVE-2020-1719

Recently published GHSA

GHSA-7mr7-4f54-vcx5
GHSA-qxgx-hvg3-v92w
GHSA-xjm6-jfmg-qc6p
GHSA-35j5-m29r-xfq5
GHSA-jchm-fm4q-c2fp

Prioritize and Uncover Reachable Vulnerabilities in Your Application Code

Identify externally reachable data flows and vulnerabilities for effective risk mitigation

Get a Demo