VYPR

CWE-708

Incorrect Ownership Assignment

BaseIncomplete

Description

The product assigns an owner to a resource, but the owner is outside of the intended control sphere.

This may allow the resource to be manipulated by actors outside of the intended control sphere.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (4)

  • CVE-2026-40196HigApr 17, 2026
    risk 0.46cvss 8.1epss 0.00

    HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface…

  • CVE-2023-29122MedNov 5, 2024
    risk 0.44cvss 6.7epss 0.00

    Under certain conditions, access to service libraries is granted to account they should not have access to.

  • CVE-2021-26248MedNov 19, 2021
    risk 0.36cvss 5.5epss 0.00

    Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

  • CVE-2026-32691Mar 18, 2026
    risk 0.00cvss epss 0.00

    A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated…