

Privilege Escalation

Privilege escalation occurs when an attacker gains access to resources or actions beyond what they were originally authorised for. It is usually caused by flaws in the application's authorisation (authorization) logic, such as trusting a client-supplied identifier or role, which lets users perform actions or read data they shouldn't. The escalation can be horizontal (acting as another user at the same privilege level) or vertical (obtaining a higher privilege level, such as administrator).

Remediation

  • Enforce Least Privilege: Grant users only the minimum access they need to perform their tasks, and deny every action a role has not been explicitly granted.
  • Implement Robust Access Controls: Use role-based access control (RBAC) and ensure every endpoint, including "internal" or rarely used ones, enforces these controls consistently.
  • Verify User Permissions: Check permissions server-side on every request, deriving the user's identity and role from the authenticated session rather than from any client-controlled parameter, and confirm the user is allowed to act on the specific object requested.
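The three points above, worked through in code. This is an added example and not one of SecDim's own lab solutions: the user table, invoice store, parameter names and role-to-permission mapping are all constructed for the illustration. The vulnerable handlers trust a client-supplied `user_id` (CWE-639) and a client-supplied `role` (CWE-266); the hardened handlers resolve the principal from the server-side session and run one `authorize()` check on every request that applies RBAC first and object ownership second.

```python
"""Added example, not SecDim's own lab code: handlers that trust a
client-controlled key and role (CWE-639 / CWE-266) beside handlers that
resolve the principal server-side and enforce RBAC plus ownership on every
request. All users, invoices and parameter names are constructed."""
from dataclasses import dataclass, field

# Constructed sample data: two ordinary users and one admin.
USERS = {
    "alice": {"id": 1, "role": "user"},
    "bob":   {"id": 2, "role": "user"},
    "carol": {"id": 3, "role": "admin"},
}
# Least privilege: "user" may only read; only "admin" may delete.
ROLE_PERMISSIONS = {
    "user":  {"invoice:read"},
    "admin": {"invoice:read", "invoice:delete"},
}

def fresh_invoices():
    """A new copy of the sample store so every run starts from the same state."""
    return {101: {"owner_id": 1, "total": 250}, 102: {"owner_id": 2, "total": 990}}

class Forbidden(Exception):
    pass

@dataclass
class Request:
    session_user: str                            # identity the server authenticated
    params: dict = field(default_factory=dict)   # everything the client controls

# --- Vulnerable handlers -----------------------------------------------------
def vulnerable_get_invoice(req, store):
    # CWE-639: ownership is compared against a user_id the client supplied,
    # so any user can read any invoice by sending the real owner's id.
    invoice = store[int(req.params["invoice_id"])]
    if invoice["owner_id"] != int(req.params["user_id"]):
        raise Forbidden("not the owner")
    return invoice

def vulnerable_delete_invoice(req, store):
    # CWE-266: the role is read from the request body; any client can claim "admin".
    if req.params.get("role") != "admin":
        raise Forbidden("admins only")
    return store.pop(int(req.params["invoice_id"]))

# --- Hardened handlers -------------------------------------------------------
def authorize(req, action, invoice_id, store):
    """Server-side check run for every request: the principal comes from the
    session, RBAC decides whether the action is permitted at all, and
    non-admins must additionally own the object they are touching."""
    principal = USERS[req.session_user]           # never taken from params
    if action not in ROLE_PERMISSIONS[principal["role"]]:
        raise Forbidden(f"role {principal['role']} may not {action}")
    invoice = store[invoice_id]                   # KeyError if it does not exist
    if principal["role"] != "admin" and invoice["owner_id"] != principal["id"]:
        raise Forbidden("not the owner")
    return invoice

def safe_get_invoice(req, store):
    return authorize(req, "invoice:read", int(req.params["invoice_id"]), store)

def safe_delete_invoice(req, store):
    invoice_id = int(req.params["invoice_id"])
    authorize(req, "invoice:delete", invoice_id, store)
    return store.pop(invoice_id)

def attempt(handler, req):
    """Run a handler against a fresh store and report whether access was granted."""
    try:
        handler(req, fresh_invoices())
        return "allowed"
    except Forbidden:
        return "denied"

def demo():
    # Bob (id 2) is authenticated, but his parameters claim alice's id for a
    # horizontal escalation and the admin role for a vertical one.
    bob_reads_alice = Request("bob", {"invoice_id": "101", "user_id": "1"})
    bob_deletes_alice = Request("bob", {"invoice_id": "101", "role": "admin"})
    carol_deletes = Request("carol", {"invoice_id": "102"})
    return {
        "vulnerable horizontal": attempt(vulnerable_get_invoice, bob_reads_alice),
        "hardened horizontal":   attempt(safe_get_invoice, bob_reads_alice),
        "vulnerable vertical":   attempt(vulnerable_delete_invoice, bob_deletes_alice),
        "hardened vertical":     attempt(safe_delete_invoice, bob_deletes_alice),
        "hardened admin delete": attempt(safe_delete_invoice, carol_deletes),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:24} {outcome}")
```

Note that the hardened version checks the role before it loads the object: a user who lacks the permission is refused without learning whether the invoice exists, and an admin is still subject to RBAC even though the ownership check is skipped for that role.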

Metadata

  • Severity: high
  • Slug: privilege-escalation

CWEs

  • 639: Authorization Bypass Through User-Controlled Key
  • 266: Incorrect Privilege Assignment

OWASP

  • A01:2021: Broken Access Control
  • A04:2021: Insecure Design
  • A07:2021: Identification and Authentication Failures

Available Labs

Open Python labs in SecDim Play for this vulnerability.


Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.


Got a comment?

Join our secure coding and AppSec community: a discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec, code review, and more.
