Vol. 1 · Ed. 2026
CyberGlossary
Entry № 547

Horizontal Privilege Escalation

Reviewed by: Cybersecurity entrepreneur & security researcher

What is Horizontal Privilege Escalation?

Horizontal Privilege Escalation: A flaw that lets a user access resources or actions of another user with the same privilege level rather than gaining higher rights.


In horizontal escalation the attacker stays at the same trust tier but breaks the per-user or per-tenant isolation that tier depends on: account A reads, modifies or acts as account B. The most common cause is Broken Access Control: APIs that accept client-supplied identifiers (user IDs, account numbers, document GUIDs) and fetch the object without checking, server-side, that the caller actually owns it. Insecure Direct Object References (IDOR), predictable or sequential identifiers, missing tenant scoping on queries, and session-fixation bugs are the typical root causes. Impact ranges from exposure of another user's data to financial fraud, and is especially damaging in multi-tenant SaaS, where a single bug exposes every tenant. Mitigations include enforcing authorization on every object reference (not only on the listing endpoint), scoping every query by the current user or tenant as taken from the session rather than from the request, using unguessable identifiers as defence in depth (an unguessable ID slows enumeration but does not replace the ownership check), and adding automated tests that exercise each endpoint with a second account and expect a 403 or 404.

Examples

  1. Changing the userId in /api/users/123/profile to view another user's profile.
  2. A SaaS multi-tenant bug allowing tenant A to query tenant B's orders.

Frequently asked questions

What is Horizontal Privilege Escalation?

A flaw that lets a user access resources or actions of another user with the same privilege level rather than gaining higher rights. It belongs to the Vulnerabilities category of cybersecurity.

What does Horizontal Privilege Escalation mean?

A flaw that lets a user access resources or actions of another user with the same privilege level rather than gaining higher rights.

How do you defend against Horizontal Privilege Escalation?

Defences for Horizontal Privilege Escalation combine technical controls with testing: check ownership of every object reference server-side, derive the user and tenant from the session rather than from the request, scope database queries by that user or tenant, treat unguessable identifiers as defence in depth rather than as the control, and add automated cross-account tests so that a missing check is caught before release, as detailed in the full definition above.

What are other names for Horizontal Privilege Escalation?

Common alternative names include: Horizontal EoP, Cross-account access.
