VYPR

CWE-276

Incorrect Default Permissions

Abstraction: Base · Status: Draft · Likelihood of exploit: Medium

Description

During installation, installed file permissions are set to allow anyone to modify those files.
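The description is short, so here is what the weakness looks like on disk and how to check for it. The following is an added example, not code from the CWE entry or from any of the vendors listed below: a hypothetical installer that writes a small constructed install image either the naive way (umask 000, default modes, "just make it run") or with explicit per-entry modes, plus an audit routine that walks the result and reports every entry a non-owner could modify. The function and file names (install_tree, audit_tree, demo, SAMPLE_IMAGE, bin/agent and so on) are assumptions chosen for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Constructed sample install image (not a real product): relative path -> (content, executable?).
SAMPLE_IMAGE = {
    "bin/agent": (b"#!/bin/sh\necho agent\n", True),
    "etc/agent.conf": (b"listen = 127.0.0.1\n", False),
    "lib/__pycache__/util.pyc": (b"\x00" * 4, False),
}


def install_tree(root: Path, image: dict, secure: bool) -> None:
    """Write `image` under `root` (hypothetical installer).

    secure=False reproduces the CWE-276 pattern: the installer runs with umask 000
    and relies on defaults, so every directory ends up 0777 and every file 0666.
    secure=True sets an explicit mode per entry and never trusts the umask.
    """
    saved = os.umask(0o022 if secure else 0o000)
    try:
        for rel, (data, executable) in image.items():
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            if secure:
                mode = 0o755 if executable else 0o644
                fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
                with os.fdopen(fd, "wb") as fh:
                    fh.write(data)
                os.chmod(path, mode)        # explicit, independent of umask
            else:
                path.write_bytes(data)      # created as 0666 & ~umask == 0666
                if executable:
                    path.chmod(0o777)       # "just make it run"
        if secure:
            for d in (p for p in root.rglob("*") if p.is_dir()):
                d.chmod(0o755)
    finally:
        os.umask(saved)


def audit_tree(root: Path) -> list[tuple[str, str]]:
    """Return (relative path, finding) for every entry any local user could modify.

    Two cases matter: a world-writable file (an executable one means code execution
    as whoever runs it, e.g. the service account on restart) and a world-writable
    directory (any user can unlink and replace its entries even when the files
    themselves are 0644). Symlinks are skipped; their own mode bits are meaningless.
    """
    findings = []
    for path in sorted(root.rglob("*")):
        st = path.lstat()
        if stat.S_ISLNK(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        if not mode & stat.S_IWOTH:
            continue
        rel = path.relative_to(root).as_posix()
        if stat.S_ISDIR(st.st_mode):
            note = "world-writable directory" + ("" if mode & stat.S_ISVTX else " (no sticky bit)")
        elif mode & stat.S_IXUSR:
            note = "world-writable executable"
        else:
            note = "world-writable file"
        findings.append((rel, f"{note}, mode {mode:04o}"))
    return findings


def demo(secure: bool) -> list[tuple[str, str]]:
    """Install SAMPLE_IMAGE into a fresh temporary root and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "opt" / "agent"
        root.mkdir(parents=True)
        install_tree(root, SAMPLE_IMAGE, secure=secure)
        return audit_tree(root)


if __name__ == "__main__":
    for secure in (False, True):
        print("secure install:" if secure else "naive install:")
        for rel, note in demo(secure) or [("-", "no world-writable entries")]:
            print(f"  {rel}: {note}")
```

On a real host the equivalent one-liner is `find /opt/app ! -type l -perm -o+w`; the audit above adds the distinction between a writable executable (direct code execution when the service runs it) and a writable directory (the file can be replaced wholesale regardless of its own mode), which is the distinction most of the entries below turn on.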

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-127 · CAPEC-81

CVEs mapped to this weakness (474)

page 10 of 24
  • CVE-2024-32368 · High · Apr 22, 2024
    risk 0.47 · cvss 7.3 · epss 0.00

    Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor FW Version 3.0 allows a local attacker to cause a denial of service via the Bluetooth Low Energy (BLE) component.

  • CVE-2026-47107 · High · May 19, 2026
    risk 0.46 · cvss 8.1 · epss 0.00

    Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and…

  • CVE-2025-48512 · High · May 15, 2026
    risk 0.46 · cvss n/a · epss 0.00

    Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.

  • CVE-2026-6823 · High · Apr 21, 2026
    risk 0.46 · cvss 8.2 · epss 0.00

    HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access…

  • CVE-2025-13905 · High · Jan 29, 2026
    risk 0.46 · cvss n/a · epss 0.00

    CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation via a reverse shell when a local user with normal privileges modifies one or more executable service binaries in the installation folder and the service is restarted.

  • CVE-2025-61667 · High · Nov 12, 2025
    risk 0.46 · cvss n/a · epss 0.00

    The Datadog Agent collects events and metrics from hosts and sends them to Datadog. A vulnerability within the Datadog Linux Host Agent versions 7.65.0 through 7.70.2 exists due to insufficient permissions being set on the `opt/datadog-agent/python-scripts/__pycache__` directory…

  • CVE-2025-49006 · High · Jun 9, 2025
    risk 0.46 · cvss n/a · epss 0.00

    Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation (affecting only Keycloak with a specific config). Wasp currently lowercases…

  • CVE-2025-24176 · High · Jan 27, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    A permissions issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A local attacker may be able to elevate their privileges.

  • CVE-2024-52867 · High · Nov 17, 2024
    risk 0.46 · cvss 8.1 · epss 0.00

    guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain…

  • CVE-2024-49504 · High · Nov 13, 2024
    risk 0.46 · cvss n/a · epss 0.00

    grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.

  • CVE-2024-40805 · High · Jul 29, 2024
    risk 0.46 · cvss 7.1 · epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.

  • CVE-2023-38291 · High · Apr 22, 2024
    risk 0.46 · cvss 7.1 · epss 0.00

    An issue was discovered in a third-party component related to ro.boot.wifimacaddr, shipped on devices from multiple device manufacturers. Various software builds for the following TCL devices (30Z and 10L) and Motorola devices (Moto G Pure and Moto G Power) leak the Wi-Fi MAC…

  • CVE-2018-14335 · Medium · Jul 24, 2018
    risk 0.46 · cvss 6.5 · epss 0.13

    An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.

  • CVE-2017-12699 · High · Sep 9, 2017
    risk 0.46 · cvss 7.1 · epss 0.00

    An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones.

  • CVE-2017-1382 · High · Jul 24, 2017
    risk 0.46 · cvss 7.1 · epss 0.00

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force…

  • CVE-2025-48516 · Medium · May 15, 2026
    risk 0.45 · cvss n/a · epss 0.00

    Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module.

  • CVE-2025-62661 · Medium · Oct 21, 2025
    risk 0.45 · cvss n/a · epss 0.00

    Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Mediawiki - Thanks Extension, Mediawiki - Growth…

  • CVE-2025-62668 · Medium · Oct 18, 2025
    risk 0.45 · cvss n/a · epss 0.00

    Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Resource Leak Exposure. This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.

  • CVE-2024-12564 · Medium · Dec 12, 2024
    risk 0.45 · cvss n/a · epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to…

  • CVE-2026-50255 · Medium · Jun 16, 2026
    risk 0.44 · cvss 6.7 · epss 0.00

    Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed with SYSTEM privileges.