CWE-732
Incorrect Permission Assignment for Critical Resource
Description
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-1 · CAPEC-122 · CAPEC-127 · CAPEC-17 · CAPEC-180 · CAPEC-206 · CAPEC-234 · CAPEC-60 · CAPEC-61 · CAPEC-62 · CAPEC-642
CVEs mapped to this weakness (623)
page 13 of 32

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54546 | — | High | 0.49 | 7.5 | 0.00 | — | Oct 29, 2025 | On affected platforms, restricted users could use SSH port forwarding to access host-internal services |
| CVE-2025-41664 | — | High | 0.49 | 7.5 | 0.00 | — | Sep 8, 2025 | A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify… |
| CVE-2025-0590 | — | High | 0.49 | 7.5 | 0.00 | — | Jan 20, 2025 | Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk. |
| CVE-2024-45497 | — | High | 0.49 | 7.6 | 0.01 | — | Dec 31, 2024 | A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from… |
| CVE-2024-44729 | — | High | 0.49 | 7.5 | 0.01 | — | Oct 11, 2024 | Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting. |
| CVE-2024-29078 | — | High | 0.49 | 7.5 | 0.00 | — | May 28, 2024 | Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings. |
| CVE-2018-8848 | — | High | 0.49 | 7.5 | 0.02 | — | Sep 26, 2018 | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. |
| CVE-2018-15502 | — | High | 0.49 | 7.5 | 0.01 | — | Sep 12, 2018 | Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs. |
| CVE-2018-1000660 | — | High | 0.49 | 7.5 | 0.01 | — | Sep 6, 2018 | TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains a Insecure Permissions vulnerability in Function get_package_name in the file kernel/src/tbfheader.rs, variable "pub package_name: &'static str,"… |
| CVE-2018-15491 | — | High | 0.49 | 7.5 | 0.01 | — | Aug 18, 2018 | A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized… |
| CVE-2018-10869 | — | High | 0.49 | 7.5 | 0.03 | — | Jul 19, 2018 | redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd. |
| CVE-2018-12922 | — | High | 0.49 | 7.5 | 0.02 | — | Jun 28, 2018 | Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI. |
| CVE-2018-1000511 | — | High | 0.49 | 7.5 | 0.01 | — | Jun 26, 2018 | WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in… |
| CVE-2018-0982 | — | High | 0.49 | 7.0 | 0.03 | — | Jun 14, 2018 | An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. |
| CVE-2018-1000072 | — | High | 0.49 | 7.5 | 0.02 | — | Mar 13, 2018 | iRedMail version prior to commit f04b8ef contains a Insecure Permissions vulnerability in Roundcube Webmail that can result in Exfiltrate a user's password protected secret GPG key file and other important configuration files.. This attack appear to be exploitable via network… |
| CVE-2018-1000071 | — | High | 0.49 | 7.5 | 0.02 | — | Mar 13, 2018 | roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity. |
| CVE-2018-0089 | — | High | 0.49 | 7.5 | 0.01 | — | Jan 18, 2018 | A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would… |
| CVE-2017-17568 | — | High | 0.49 | 7.5 | 0.01 | — | Dec 13, 2017 | Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request. |
| CVE-2017-1000125 | — | High | 0.49 | 7.5 | 0.01 | — | Nov 17, 2017 | Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. |
| CVE-2017-0845 | — | High | 0.49 | 7.5 | 0.00 | — | Nov 16, 2017 | A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827. |