https://github.com/qeeqbox/horizontal-privilege-escalation

A threat actor may perform unauthorized functions belonging to another user with a similar privileges level
https://github.com/qeeqbox/horizontal-privilege-escalation

escalation example horizontal infosecsimplified metadata privilege qeeqbox visualization vulnerability

Last synced: 3 months ago
JSON representation

A threat actor may perform unauthorized functions belonging to another user with a similar privileges level

Host: GitHub
URL: https://github.com/qeeqbox/horizontal-privilege-escalation
Owner: qeeqbox
License: agpl-3.0
Created: 2022-04-26T22:20:16.000Z (about 3 years ago)
Default Branch: main
Last Pushed: 2024-01-29T01:04:56.000Z (over 1 year ago)
Last Synced: 2025-01-16T05:55:51.308Z (4 months ago)
Topics: escalation, example, horizontal, infosecsimplified, metadata, privilege, qeeqbox, visualization, vulnerability
Homepage:
Size: 143 KB
Stars: 2
Watchers: 1
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

A threat actor may perform unauthorized functions belonging to another user with a similar privileges level.

## Example #1
1. Threat actor alters a value that indicates users' group
2. Target authorizes adversary to perform functions as if they were part of that group

## Names
- Horizontal access control attack

## Impact
Vary

## Risk
- Read & modify data
- Execute commands

## Redemption
- Validate access control
- Least privileges

## ID
cb8496ab-c8f4-4fda-99a3-37e0b8bc2d55

## References
- [mitre](https://cwe.mitre.org/data/definitions/639.html)

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/qeeqbox/horizontal-privilege-escalation

Awesome Lists containing this project

README