Skip to content

qeeqbox/horizontal-privilege-escalation

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

horizontal-privilege-escalation.drawio

horizontal-privilege-escalation.drawio

 
 

horizontal-privilege-escalation.png

horizontal-privilege-escalation.png

 
 

Repository files navigation

A threat actor may perform unauthorized functions belonging to another user with a similar privileges level.

Example #1

  1. Threat actor alters a value that indicates users' group
  2. Target authorizes adversary to perform functions as if they were part of that group

Names

  • Horizontal access control attack

Impact

Vary

Risk

  • Read & modify data
  • Execute commands

Redemption

  • Validate access control
  • Least privileges

ID

cb8496ab-c8f4-4fda-99a3-37e0b8bc2d55

References

About

A threat actor may perform unauthorized functions belonging to another user with a similar privileges level

Topics

visualization metadata example horizontal vulnerability escalation privilege qeeqbox infosecsimplified

Resources

Readme

License

AGPL-3.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Sponsor this project

 
Learn more about GitHub Sponsors