VYPR

CWE-276

Incorrect Default Permissions

Abstraction: Base · Status: Draft · Likelihood of exploit: Medium

Description

During installation, installed file permissions are set to allow anyone to modify those files.
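The description covers the installer-side mistake (creating files and directories with whatever the process umask happens to yield) and the CVEs below show the usual consequences: world-writable config, log or temp paths that a local user can overwrite or redirect. The following script is an added illustration, not code from CWE or from any of the listed products. It creates one file the careless way and one with an explicit mode, then walks the install tree the way a post-install check would, flagging anything world-writable while excusing sticky-bit directories such as /tmp. The file names, the simulated umask of 000 and the temporary install root are constructed for the demo.

```python
import os
import shutil
import stat
import tempfile


def write_config_insecure(path: str, data: str) -> None:
    """Vulnerable pattern: open(..., 'w') creates with 0o666 & ~umask.
    An installer or daemon running with umask 000 therefore leaves
    the file world-writable (the CWE-276 condition)."""
    with open(path, "w") as f:
        f.write(data)


def write_config_secure(path: str, data: str) -> None:
    """Hardened pattern: request the mode at create time so the umask
    can only tighten it, and re-apply it in case the file pre-existed."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    os.chmod(path, 0o600)


def mode_string(path: str) -> str:
    """Permission bits of a path as an octal string, e.g. '0o644'."""
    return oct(stat.S_IMODE(os.lstat(path).st_mode))


def is_world_writable(path: str) -> bool:
    return bool(os.lstat(path).st_mode & stat.S_IWOTH)


def audit_tree(root: str) -> list[tuple[str, str]]:
    """Post-install check: return (basename, mode) for every entry under
    root that other users may write to. Symlinks are skipped (their mode
    is meaningless) and world-writable directories with the sticky bit
    set (the /tmp convention) are deliberately not flagged."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if stat.S_ISLNK(mode):
                continue
            sticky_dir = stat.S_ISDIR(mode) and bool(mode & stat.S_ISVTX)
            if mode & stat.S_IWOTH and not sticky_dir:
                findings.append((name, oct(stat.S_IMODE(mode))))
    return findings


def demo() -> dict:
    """Run both writers under a permissive umask (constructed scenario),
    audit the result, and report what each path ended up with."""
    old_umask = os.umask(0o000)  # simulate a careless installer
    root = tempfile.mkdtemp()     # mkdtemp always uses 0o700
    try:
        insecure = os.path.join(root, "insecure.conf")
        secure = os.path.join(root, "secure.conf")
        write_config_insecure(insecure, "db_password=hunter2\n")
        write_config_secure(secure, "db_password=hunter2\n")
        return {
            "insecure_mode": mode_string(insecure),
            "secure_mode": mode_string(secure),
            "insecure_world_writable": is_world_writable(insecure),
            "secure_world_writable": is_world_writable(secure),
            "audit": audit_tree(root),
        }
    finally:
        os.umask(old_umask)
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same check is what `find <root> ! -type l -perm -o+w ! \( -type d -perm -1000 \)` does from a shell; the Python version is useful when the audit has to run inside the installer itself before it returns success.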

Hierarchy (View 1000)

Parents

CWE-732 · Incorrect Permission Assignment for Critical Resource

Children

none

Related attack patterns (CAPEC)

CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs) · CAPEC-127 (Directory Indexing) · CAPEC-81 (Web Server Logs Tampering)

CVEs mapped to this weakness (474)

page 15 of 24
  • CVE-2025-31261 · Med · May 29, 2025
    risk 0.36 · CVSS 5.5 · EPSS 0.00

    A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access protected user data.

  • CVE-2024-51765 · Med · Nov 15, 2024
    risk 0.36 · CVSS 5.5 · EPSS 0.00

    A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.

  • CVE-2024-51764 · Med · Nov 15, 2024
    risk 0.36 · CVSS 5.5 · EPSS 0.00

    A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.

  • CVE-2024-44151 · Med · Sep 17, 2024
    risk 0.36 · CVSS 5.5 · EPSS 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to modify protected parts of the file system.

  • CVE-2024-44135 · Med · Sep 17, 2024
    risk 0.36 · CVSS 5.5 · EPSS 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. An app may be able to access protected files within an App Sandbox container.

  • CVE-2024-27888 · Med · Jul 29, 2024
    risk 0.36 · CVSS 5.5 · EPSS 0.00

    A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Sonoma 14.4. An app may be able to modify protected parts of the file system.

  • CVE-2024-23295 · Med · Mar 8, 2024
    risk 0.36 · CVSS 5.5 · EPSS 0.00

    A permissions issue was addressed to help ensure Personas are always protected. This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.

  • CVE-2024-23201 · Med · Mar 8, 2024
    risk 0.36 · CVSS 5.5 · EPSS 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS 10.3. An app may be able to cause a denial-of-service.

  • CVE-2017-7761 · Med · Jun 11, 2018
    risk 0.36 · CVSS 5.5 · EPSS 0.00

    The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the…

  • CVE-2018-0023 · Med · Apr 11, 2018
    risk 0.36 · CVSS 5.5 · EPSS 0.00

    JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory…

  • CVE-2017-6404 · Med · Mar 2, 2017
    risk 0.36 · CVSS 5.5 · EPSS 0.00

    An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.

  • CVE-2002-1713 · Med · Dec 31, 2002
    risk 0.36 · CVSS 5.5 · EPSS 0.00

    The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other users' files.

  • CVE-2026-20718 · Med · May 12, 2026
    risk 0.35 · CVSS n/a · EPSS 0.00

    Incorrect default permissions for some Intel(R) NPU Driver software installers before version 32.0.100.4511 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack…

  • CVE-2017-1000089 · Med · Oct 5, 2017
    risk 0.35 · CVSS 5.3 · EPSS 0.01

    Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project…

  • CVE-2017-1000084 · Med · Oct 5, 2017
    risk 0.35 · CVSS 6.5 · EPSS 0.01

    Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.

  • CVE-2025-32749 · Med · May 22, 2026
    risk 0.34 · CVSS 5.3 · EPSS 0.00

    Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

  • CVE-2025-43444 · Med · Nov 4, 2025
    risk 0.34 · CVSS 5.3 · EPSS 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to fingerprint the user.

  • CVE-2024-10183 · Med · Oct 22, 2024
    risk 0.34 · CVSS n/a · EPSS 0.00

    A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on macOS systems.

  • CVE-2024-28862 · Med · Mar 16, 2024
    risk 0.34 · CVSS 5.3 · EPSS 0.00

    The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after…

  • CVE-2024-22301 · Med · Jan 24, 2024
    risk 0.34 · CVSS 5.3 · EPSS 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line. This issue affects Albo Pretorio On line: from n/a through 4.6.6.