CWE-270 - Privilege Context Switching Error
- Abstraction:Base
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
Privilege Context Switching Error
Description
The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
Common Consequences
Scope: Access Control
Impact: Gain Privileges or Assume Identity
Notes: A user can assume the identity of another user with separate privileges in another context. This will give the user unauthorized access that may allow them to acquire the access information of other users.