VYPR

CWE-638

Not Using Complete Mediation

ClassDraft

Description

The product does not perform access checks on a resource every time the resource is accessed by an entity, which can create resultant weaknesses if that entity's rights or privileges change over time.

Hierarchy (View 1000)

Children

Related attack patterns (CAPEC)

CAPEC-104

CVEs mapped to this weakness (1)

  • CVE-2024-56512Dec 28, 2024
    risk 0.00cvss epss 0.03

    Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter…