CWE-732
Incorrect Permission Assignment for Critical Resource
ClassDraftLikelihood: High
Description
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
When a resource is given a permission setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution, or sensitive user data. For example, consider a misconfigured storage account for the cloud that can be read or written by a public or anonymous user.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-1 · CAPEC-122 · CAPEC-127 · CAPEC-17 · CAPEC-180 · CAPEC-206 · CAPEC-234 · CAPEC-60 · CAPEC-61 · CAPEC-62 · CAPEC-642
CVEs mapped to this weakness (295)
page 13 of 15| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-8391 | Med | 0.36 | 5.5 | 0.00 | May 6, 2017 | The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation. | |
| CVE-2017-7849 | Med | 0.36 | 5.5 | 0.00 | Apr 19, 2017 | Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. | |
| CVE-2009-3897 | Med | 0.36 | 5.5 | 0.00 | Nov 24, 2009 | Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself. | |
| CVE-2009-1073 | Med | 0.36 | 5.5 | 0.00 | Mar 31, 2009 | nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field. | |
| CVE-2009-0141 | Med | 0.36 | 5.5 | 0.00 | Feb 13, 2009 | XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user. | |
| CVE-2026-1185 | Med | 0.35 | 5.4 | 0.00 | May 12, 2026 | A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH. | |
| CVE-2017-1266 | Med | 0.35 | 5.4 | 0.00 | Dec 20, 2017 | IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741. | |
| CVE-2017-1000221 | Med | 0.35 | 6.5 | 0.00 | Nov 17, 2017 | In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X. | |
| CVE-2017-15906 | Med | 0.35 | 5.3 | 0.03 | Oct 26, 2017 | The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | |
| CVE-2026-8612 | Med | 0.34 | 5.3 | 0.00 | May 15, 2026 | WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without overriding the backend's documented directory_umask of 000, so the cache root and its subdirectories are created mode 0777 with no sticky bit. Cache entries are named by sha1_hex of the request and read back through Storable::thaw on the next cache hit. A local attacker with write access to the cache tree can replace a victim's cache entry for a known URL with an arbitrary frozen HTTP::Response blob, causing the victim's next get() of that URL to return attacker controlled response bytes. Because the bytes are passed to Storable::thaw, a victim process that has loaded any class with a side-effectful STORABLE_thaw, DESTROY, or overload hook can be escalated to arbitrary code execution. | |
| CVE-2024-11176 | Med | 0.34 | — | 0.00 | Nov 20, 2024 | Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an authenticated user to access object information via incorrect evaluation of effective permissions. | |
| CVE-2017-7146 | Med | 0.34 | 5.3 | 0.00 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling. | |
| CVE-2017-9494 | Med | 0.34 | 5.3 | 0.00 | Jul 31, 2017 | The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet. | |
| CVE-2017-6356 | Med | 0.34 | 5.3 | 0.00 | Mar 20, 2017 | Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors. | |
| CVE-2017-0423 | Med | 0.34 | 5.3 | 0.00 | Feb 8, 2017 | An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586. | |
| CVE-2026-29516 | Med | 0.32 | 4.9 | 0.00 | Mar 16, 2026 | Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root. | |
| CVE-2024-41820 | Med | 0.32 | 6.0 | 0.00 | Aug 5, 2024 | Kubean is a cluster lifecycle management toolchain based on kubespray and other cluster LCM engine. The ClusterRole has `*` verbs of `*` resources. If a malicious user can access the worker node which has kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. This issue has been addressed in release version 0.18.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |
| CVE-2024-32014 | Med | 0.31 | 4.7 | 0.00 | Nov 11, 2025 | A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges. | |
| CVE-2024-54910 | Med | 0.31 | 4.7 | 0.01 | Jan 10, 2025 | Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure Permissions via the File recovery function. | |
| CVE-2017-9079 | Med | 0.31 | 4.7 | 0.00 | May 19, 2017 | Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed. |