Safeguard
Tag

privilege-escalation

Safeguard articles tagged "privilege-escalation" — guides, analysis, and best practices for software supply chain and application security.

43 articles

Cloud Security

AWS IAM: common vulnerabilities and fixes

Rhino Security Labs catalogs 21+ IAM privilege-escalation paths to full admin — most start with one over-scoped policy nobody remembers writing.

Jul 16, 20266 min read
Cloud Security

Common AWS IAM privilege-escalation paths and how to design least privilege

Rhino Security Labs cataloged 21 distinct AWS IAM privilege-escalation methods in 2018 — most still work today, and most are invisible to a manifest scan.

Jul 14, 20266 min read
Cloud Security

A guide to AWS IAM permissions boundaries for delegated administration

AWS IAM lets any principal with iam:CreateRole and iam:AttachRolePolicy hand themselves admin — permissions boundaries are the one native control built to stop it.

Jul 8, 20265 min read
Container Security

CTF Writeup: Container SETUID Escape Techniques

A container-local root shell is not the flag. CVE-2019-5736 and CVE-2021-4034 both show how a SETUID binary inside a container can become a host compromise.

Jul 8, 20266 min read
Vulnerability Analysis

Confluence Broken Access Control Zero-Day (CVE-2023-22515) Explained

CVE-2023-22515 let unauthenticated attackers create rogue administrator accounts on Confluence Data Center and Server. Here's the broken-access-control flaw and how to fix it.

Jul 7, 20265 min read
Vulnerability Guides

What Is Privilege Escalation? A 2026 Explainer

Privilege escalation is how a limited foothold becomes full control. This explainer covers vertical vs. horizontal paths across Linux, containers, and cloud IAM.

Jul 7, 20265 min read
Vulnerability Analysis

Dirty Pipe (CVE-2022-0847) Explained: Overwriting Read-Only Files in the Linux Kernel

CVE-2022-0847, Dirty Pipe, let unprivileged users overwrite data in read-only files through an uninitialized pipe flag — a clean path to root. Here is the page-cache mechanism behind it.

Jul 6, 20265 min read
Vulnerability Analysis

Baron Samedit (CVE-2021-3156) Explained: The Sudo Root Overflow

CVE-2021-3156, Baron Samedit, is a heap overflow in sudo that gives any local user root and hid in plain sight for nearly a decade. Here is the root cause, a one-line test, and the patched version.

Jul 4, 20266 min read
Vulnerability Analysis

Cisco IOS XE CVE-2023-20198 Explained: The Web UI Privilege Escalation Zero-Day

CVE-2023-20198 is an unauthenticated privilege escalation in the Cisco IOS XE Web UI, rated CVSS 10.0, that let attackers implant tens of thousands of devices in days. Here is how it worked and how to remediate.

Jul 3, 20266 min read
Vulnerability Analysis

Zerologon: The Netlogon Cryptographic Flaw (CVE-2020-1472) Explained

CVE-2020-1472 let an unauthenticated attacker seize a domain controller in seconds by exploiting an all-zero AES-CFB8 initialization vector. Here's the real mechanism and the fix.

Jul 2, 20266 min read
Vulnerability Analysis

PwnKit (CVE-2021-4034) Explained: Root From a 12-Year-Old Polkit Bug

CVE-2021-4034, aka PwnKit, is a memory-corruption flaw in polkit's pkexec that gives any local user reliable root on nearly every Linux distribution. Here is how it works and how to close it.

Jul 1, 20265 min read
Application Security

AWS IAM permissions boundaries best practices

How AWS IAM permissions boundaries cap delegated identities, differ from SCPs, and where teams get privilege escalation wrong.

Jun 20, 20267 min read
privilege-escalation — Safeguard Blog