Skip to content

A threat actor may perform unauthorized functions belonging to another user with a similar privileges level

License

Notifications You must be signed in to change notification settings

qeeqbox/horizontal-privilege-escalation

Repository files navigation

A threat actor may perform unauthorized functions belonging to another user with a similar privileges level.

Example #1

  1. Threat actor alters a value that indicates users' group
  2. Target authorizes adversary to perform functions as if they were part of that group

Names

  • Horizontal access control attack

Impact

Vary

Risk

  • Read & modify data
  • Execute commands

Redemption

  • Validate access control
  • Least privileges

ID

cb8496ab-c8f4-4fda-99a3-37e0b8bc2d55

References

About

A threat actor may perform unauthorized functions belonging to another user with a similar privileges level

Topics

Resources

License

Code of conduct

Stars

Watchers

Forks

Sponsor this project