Skip to content
/ vertical-privilege-escalation Public

A threat actor may perform unauthorized functions belonging to another user with a higher privileges level

License

AGPL-3.0 license
3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

qeeqbox/vertical-privilege-escalation

BranchesTags

Repository files navigation

A threat actor may perform unauthorized functions belonging to another user with a higher privileges level.

Example #1

  1. Threat actor alters a value that indicates users' group
  2. Target authorizes adversary to perform functions as if they were part of that group

Names

  • Vertical access control attack

Impact

Vary

Risk

  • Read & modify data
  • Execute commands

Redemption

  • Validate access control
  • Least privileges

ID

cb8496ab-c8f4-4fda-99a3-37e0b8bc2d55

References

About

A threat actor may perform unauthorized functions belonging to another user with a higher privileges level

Topics

visualization metadata example vertical vulnerability escalation privilege qeeqbox infosecsimplified

Resources

Readme

License

AGPL-3.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

3 stars

Watchers

1 watching

Forks

1 fork
Report repository

Sponsor this project

 
Learn more about GitHub Sponsors