CWE-708
Incorrect Ownership Assignment
Description
The product assigns an owner to a resource, but the owner is outside of the intended control sphere.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40196 | Hig | 0.46 | 8.1 | 0.00 | Apr 17, 2026 | HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface… | ||
| CVE-2023-29122 | — | Med | 0.44 | 6.7 | 0.00 | Nov 5, 2024 | Under certain conditions, access to service libraries is granted to account they should not have access to. | |
| CVE-2021-26248 | Med | 0.36 | 5.5 | 0.00 | Nov 19, 2021 | Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | ||
| CVE-2026-32691 | 0.00 | — | 0.00 | Mar 18, 2026 | A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated… |
- risk 0.46cvss 8.1epss 0.00
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface…
- risk 0.44cvss 6.7epss 0.00
Under certain conditions, access to service libraries is granted to account they should not have access to.
- risk 0.36cvss 5.5epss 0.00
Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CVE-2026-32691Mar 18, 2026risk 0.00cvss —epss 0.00
A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated…