
CWE-1220

Insufficient Granularity of Access Control

Base · Incomplete

Description

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-180

CVEs mapped to this weakness (47)

page 3 of 3
  • CVE-2024-29200 · Mar 28, 2024
    risk 0.00 · cvss · epss 0.01

    Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users…

  • CVE-2023-33127 · Jul 11, 2023
    risk 0.00 · cvss · epss 0.02

    .NET and Visual Studio Elevation of Privilege Vulnerability

  • CVE-2023-27591 · Mar 17, 2023
    risk 0.00 · cvss · epss 0.01

    Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` configuration option is enabled and `METRICS_ALLOWED_NETWORKS` is set to `127.0.0.1/8` (the…

  • CVE-2022-4801 · Dec 28, 2022
    risk 0.00 · cvss · epss 0.01

    Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4813 · Dec 28, 2022
    risk 0.00 · cvss · epss 0.01

    Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-1025 · Jul 12, 2022
    risk 0.00 · cvss · epss 0.01

    All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.

  • CVE-2021-20066 · Feb 16, 2021
    risk 0.00 · cvss · epss 0.01

    JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.