CWE-270 - Privilege Context Switching Error

CWE-270

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Privilege Context Switching Error

Description: The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

Common Consequences: Scope: Access Control
Impact: Gain Privileges or Assume Identity
Notes: A user can assume the identity of another user with separate privileges in another context. This will give the user unauthorized access that may allow them to acquire the access information of other users.

Related Weaknesses: CWE-269Improper Privilege ManagementMedium

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard