Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/qeeqbox/horizontal-privilege-escalation
A threat actor may perform unauthorized functions belonging to another user with a similar privilege level
Last synced: 2 days ago
- Host: GitHub
- URL: https://github.com/qeeqbox/horizontal-privilege-escalation
- Owner: qeeqbox
- License: agpl-3.0
- Created: 2022-04-26T22:20:16.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-01-29T01:04:56.000Z (10 months ago)
- Last Synced: 2024-05-01T11:27:23.665Z (7 months ago)
- Topics: escalation, example, horizontal, infosecsimplified, metadata, privilege, qeeqbox, visualization, vulnerability
- Homepage:
- Size: 143 KB
- Stars: 2
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
A threat actor may perform unauthorized functions belonging to another user with a similar privilege level.
## Example #1
1. Threat actor alters a value that indicates a user's group
2. Target authorizes adversary to perform functions as if they were part of that group
## Names
- Horizontal access control attack
## Impact
Varies
## Risk
- Read & modify data
- Execute commands
## Redemption
- Validate access control
- Least privilege
## ID
cb8496ab-c8f4-4fda-99a3-37e0b8bc2d55
## References
- [mitre](https://cwe.mitre.org/data/definitions/639.html)