Führe statische Analyse (SAST) auf der Codebasis aus und suche im Datenfluss nach dem unsicheren Muster.
CWE-270 Base Draft
Privilege Context Switching Error
This vulnerability occurs when an application fails to properly manage user permissions while moving between different security contexts, potentially allowing unauthorized actions.
Definition
What is CWE-270?
This vulnerability occurs when an application fails to properly manage user permissions while moving between different security contexts, potentially allowing unauthorized actions.
Think of this as a security guard who forgets to check their keys when moving between restricted areas. In software, this happens when a process or thread switches between different privilege levels—like going from a low-privilege user mode to a high-privilege kernel mode, or when handling data from different trust zones—but doesn't correctly reset or validate its access rights. The system might carry over elevated permissions from a previous task, creating a window where an attacker can execute code or access data they shouldn't have.
For developers, the core issue is a broken trust boundary during state transitions. Common pitfalls include temporarily raising privileges for a specific task but failing to drop them immediately afterward, or incorrectly assuming a new context inherits a safe default. To prevent this, always adopt the principle of least privilege explicitly during context switches: deliberately set the required permissions for the new operation and never rely on implicit state. Audit any code that changes execution context, such as system calls, callback handlers, or data parsers, to ensure privilege cleanup is mandatory and fail-safe.
Auswirkungen in der Praxis
Real-world CVEs caused by CWE-270
-
Web browser cross domain problem when user hits "back" button.
-
Web browser cross domain problem when user hits "back" button.
-
Cross-domain issue - third party product passes code to web browser, which executes it in unsafe zone.
-
Run callback in different security context after it has been changed from untrusted to trusted. * note that "context switch before actions are completed" is one type of problem that happens frequently, espec. in browsers.
Wie Angreifer es ausnutzen
Angreiferpfad Schritt für Schritt
- 1
Identifiziere einen Codepfad, der nicht vertrauenswürdige Eingaben ohne Validierung verarbeitet.
- 2
Erzeuge eine Payload, die das unsichere Verhalten auslöst — Injection, Traversal, Overflow oder Logik-Missbrauch.
- 3
Liefere die Payload über einen normalen Request aus und beobachte die Reaktion der Anwendung.
- 4
Iteriere, bis die Antwort Daten preisgibt, Angreifer-Code ausführt oder Berechtigungen eskaliert.
Verwundbares Codebeispiel
Vulnerable pseudo
MITRE hat kein Codebeispiel für diese CWE veröffentlicht. Das untenstehende Muster ist illustrativ — kanonische Referenzen findest du unter Ressourcen.
// Example pattern — see MITRE for the canonical references.
function handleRequest(input) {
// Untrusted input flows directly into the sensitive sink.
return executeUnsafe(input);
} Sicheres Codebeispiel
Secure pseudo
// Validate, sanitize, or use a safe API before reaching the sink.
function handleRequest(input) {
const safe = validateAndEscape(input);
return executeWithGuards(safe);
} What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Präventions-Checkliste
How to prevent CWE-270
- Architecture and Design / Operation Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
- Architecture and Design / Operation Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
- Architecture and Design Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
Erkennungssignale
How to detect CWE-270
Führe dynamische Application-Security-Tests gegen den Live-Endpoint aus.
Beobachte Runtime-Logs auf ungewöhnliche Exception-Traces, fehlerhafte Eingaben oder Versuche, Autorisierung zu umgehen.
Code Review: Markiere jeden neuen Code, der Eingaben von dieser Oberfläche ohne validierte Framework-Helper verarbeitet.
Plexicus erkennt CWE-270 automatisch und öffnet in unter 60 Sekunden einen Fix-PR.
Codex Remedium scannt jeden Commit, identifiziert genau diese Schwachstelle und liefert einen reviewer-ready Pull Request mit dem Patch. Keine Tickets. Keine Hand-offs.
Häufig gestellte Fragen Was ist CWE-270?
Wie gravierend ist CWE-270?
Welche Sprachen oder Plattformen sind von CWE-270 betroffen?
Wie kann ich CWE-270 verhindern?
Wie erkennt und behebt Plexicus CWE-270?
Wo erfahre ich mehr über CWE-270?
Frequently asked questions
Was ist CWE-270?
This vulnerability occurs when an application fails to properly manage user permissions while moving between different security contexts, potentially allowing unauthorized actions.
Wie gravierend ist CWE-270?
MITRE hat für diese Schwachstelle keine Exploit-Wahrscheinlichkeit veröffentlicht. Behandle sie als mittlere Auswirkung, bis dein Threat Model anderes belegt.
Welche Sprachen oder Plattformen sind von CWE-270 betroffen?
MITRE hat für diese CWE keine betroffenen Plattformen spezifiziert — sie kann in den meisten Anwendungs-Stacks auftreten.
Wie kann ich CWE-270 verhindern?
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software. Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need…
Wie erkennt und behebt Plexicus CWE-270?
Die SAST-Engine von Plexicus erkennt die Datenfluss-Signatur von CWE-270 bei jedem Commit. Bei einem Treffer öffnet unser Codex-Remedium-Agent einen Fix-PR mit korrigiertem Code, Tests und einer einzeiligen Zusammenfassung für den Reviewer.
Wo erfahre ich mehr über CWE-270?
MITRE veröffentlicht die kanonische Definition unter https://cwe.mitre.org/data/definitions/270.html. Für ergänzende Hinweise kannst du auch die OWASP- und NIST-Dokumentation heranziehen.
Verwandte Schwachstellen
Weaknesses related to CWE-270
CWE-269 Parent
Improper Privilege Management
This vulnerability occurs when an application fails to correctly manage user permissions, allowing someone to perform actions or access…
CWE-250 Sibling
Execution with Unnecessary Privileges
This vulnerability occurs when software runs with higher permissions than it actually needs to perform its tasks. This excessive privilege…
CWE-266 Sibling
Incorrect Privilege Assignment
This vulnerability occurs when a system mistakenly grants a user, process, or entity a specific permission or privilege they should not…
CWE-267 Sibling
Privilege Defined With Unsafe Actions
This vulnerability occurs when a system grants a user, role, or process a specific permission that can be misused to perform dangerous,…
CWE-268 Sibling
Privilege Chaining
Privilege chaining occurs when an attacker combines two separate permissions or capabilities, neither of which is dangerous on its own, to…
CWE-271 Sibling
Privilege Dropping / Lowering Errors
This vulnerability occurs when a system or process fails to reduce its elevated permissions before transferring control of a resource to a…
CWE-274 Sibling
Improper Handling of Insufficient Privileges
This vulnerability occurs when an application fails to properly manage situations where it lacks the necessary permissions to execute an…
CWE-648 Sibling
Incorrect Use of Privileged APIs
This vulnerability occurs when software incorrectly uses functions that require special permissions. Attackers can exploit these mistakes…
Ressourcen
Further reading
- MITRE — offizielle CWE-270 https://cwe.mitre.org/data/definitions/270.html
- Writing Secure Code https://www.microsoftpressstore.com/store/writing-secure-code-9780735617223
- Least Privilege https://web.archive.org/web/20211209014121/https://www.cisa.gov/uscert/bsi/articles/knowledge/principles/least-privilege
Bereit, wenn du es bist
Schluss mit dem Bezahlen pro Entwickler.
Schließ den Kreislauf.
Plexicus ist die KI-native ASPM, die scannt, filtert, fixt, pentestet und erklärt — autonom. Unbegrenzte Entwickler, unbegrenzte Repos, Fair-Use-KI-Aktionen. Echter kostenloser Tarif, €269/mo jährlich, wenn du bereit bist.