Improper Check for Dropped Privileges

CWE-273

Overtime trend (NVD)

CVSS severity (NVD, All Time)

Per technology (GHSA, All time)

60%-Composer
20%-Pip
20%-Maven

Short description

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

Extended description

If the drop fails, the product will continue to run with the raised privileges, which might provide additional access to unprivileged users.

Best practices to prevent this CWE

Phase: Architecture and Design

Strategy: Separation of Privilege

Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.

Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.

Phase: Implementation

Check the results of all functions that return a value and verify that the value is expected.

Effectiveness: High

Phase: Implementation

In Windows, make sure that the process token has the SeImpersonatePrivilege(Microsoft Server 2003). Code that relies on impersonation for security must ensure that the impersonation succeeded, i.e., that a proper privilege demotion happened.

Recently published CVEs

CVE-2023-34322
CVE-2023-26239
CVE-2023-5369
CVE-2022-0358
CVE-2021-37839

Recently published GHSA

GHSA-748r-5r8q-273m
GHSA-g9m2-c2x5-fr2v
GHSA-86fh-j58m-7pf5

Prioritize and Uncover Reachable Vulnerabilities in Your Application Code

Identify externally reachable data flows and vulnerabilities for effective risk mitigation

Get a Demo