> The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources.
Quote from the CVSS specification
Vulnerabilities with this tag were given a CVSS rating as part of the
requirement to be included into the [National Vulnerability
Database](https://nvd.nist.gov/). You can learn more about what the individual
scores mean in the [CVSS specification
document](https://www.first.org/cvss/specification-document).
The Vulnerability History Project