Skip to main content

CWE-842

Placement of User into Incorrect Group

6 CVEs Avg CVSS 7.3 MITRE
0
CRITICAL
5
HIGH
1
MEDIUM
0
LOW
3
POC
0
KEV

Monthly

CVE-2026-6970 Go HIGH POC PATCH GHSA This Week

authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was manually changed via the `authctl group set-gid` command, and the user's identity provider record is updated, authd incorrectly resets the user's primary group ID to their UID upon next login. This causes newly created files and directories to be owned by the wrong group, causing denial of service issues, and potentially granting unintended access to other local users and allowing local privilege escalation.

Privilege Escalation Denial Of Service Authd
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2024-9412 HIGH This Week

An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell
NVD
CVSS 4.0
8.4
EPSS
0.4%
CVE-2023-25575 PHP MEDIUM PATCH This Month

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Core
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2990 Go HIGH POC PATCH This Week

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buildah Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-2989 Go HIGH POC PATCH This Week

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Podman Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-31007 HIGH This Week

eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elabftw
NVD GitHub
CVSS 3.1
7.2
EPSS
26.1%
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was manually changed via the `authctl group set-gid` command, and the user's identity provider record is updated, authd incorrectly resets the user's primary group ID to their UID upon next login. This causes newly created files and directories to be owned by the wrong group, causing denial of service issues, and potentially granting unintended access to other local users and allowing local privilege escalation.

Privilege Escalation Denial Of Service Authd
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH This Week

An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Core
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buildah Openshift Container Platform +1
NVD
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Podman Openshift Container Platform +1
NVD
EPSS 26% CVSS 7.2
HIGH This Week

eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elabftw
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy