VYPR

CWE-732

Incorrect Permission Assignment for Critical Resource

ClassDraftLikelihood: High

Description

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

When a resource is given a permission setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution, or sensitive user data. For example, consider a misconfigured storage account for the cloud that can be read or written by a public or anonymous user.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-122 · CAPEC-127 · CAPEC-17 · CAPEC-180 · CAPEC-206 · CAPEC-234 · CAPEC-60 · CAPEC-61 · CAPEC-62 · CAPEC-642

CVEs mapped to this weakness (623)

page 21 of 32
  • CVE-2018-6536MedFeb 2, 2018
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification…

  • CVE-2017-7560MedSep 13, 2017
    risk 0.36cvss 5.5epss 0.00

    It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes.

  • CVE-2017-0601MedMay 12, 2017
    risk 0.36cvss 5.5epss 0.00

    An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product:…

  • CVE-2017-8391MedMay 6, 2017
    risk 0.36cvss 5.5epss 0.00

    The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after…

  • CVE-2017-7849MedApr 19, 2017
    risk 0.36cvss 5.5epss 0.00

    Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode.

  • CVE-2009-3897MedNov 24, 2009
    risk 0.36cvss 5.5epss 0.00

    Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the…

  • CVE-2009-1073MedMar 31, 2009
    risk 0.36cvss 5.5epss 0.01

    nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.

  • CVE-2009-0141MedFeb 13, 2009
    risk 0.36cvss 5.5epss 0.00

    XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user.

  • CVE-2026-1185MedMay 12, 2026
    risk 0.35cvss 5.4epss 0.00

    A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH.

  • CVE-2026-41911MedApr 28, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit upload_file and upload_image endpoints to access files beyond the intended workspace-only…

  • CVE-2018-1420MedOct 1, 2018
    risk 0.35cvss 5.3epss 0.01

    IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.

  • CVE-2018-16958MedSep 18, 2018
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers.…

  • CVE-2018-16703MedSep 7, 2018
    risk 0.35cvss 5.3epss 0.02

    A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to…

  • CVE-2018-1000547MedJun 26, 2018
    risk 0.35cvss 5.3epss 0.01

    coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. .

  • CVE-2017-5426MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to…

  • CVE-2017-6928MedMar 1, 2018
    risk 0.35cvss 5.3epss 0.01

    Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to…

  • CVE-2018-7169MedFeb 15, 2018
    risk 0.35cvss 5.3epss 0.02

    An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to…

  • CVE-2017-1266MedDec 20, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.

  • CVE-2017-1000221MedNov 17, 2017
    risk 0.35cvss 6.5epss 0.01

    In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a…

  • CVE-2017-15906MedOct 26, 2017
    risk 0.35cvss 5.3epss 0.03

    The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.