CVE-2023-4009

HIGH Year: 2023
CVSS v3 Score
7.2
High
Weakness Type
CWE-648
View all →

Vulnerability Description

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.

Related Vulnerabilities

CVE-2023-29507

HIGH
CVSS:7.2(High)

XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in...

CWE-6482023

CVE-2023-6522

HIGH
CVSS:7.2(High)

Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3914.

CWE-6482023

CVE-2019-10216

HIGH
CVSS:7.3(High)

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by crea...

CWE-6482019

CVE-2019-14811

HIGH
CVSS:7.3(High)

A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions...

CWE-6482019

CVE-2019-14812

HIGH
CVSS:7.3(High)

A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions....

CWE-6482019

CVE-2019-14813

HIGH
CVSS:7.3(High)

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A ...

CWE-6482019