VYPR

CWE-732

Incorrect Permission Assignment for Critical Resource

Class · Draft · Likelihood: High

Description

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

When a resource is given a permission setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution, or sensitive user data. For example, consider a misconfigured storage account for the cloud that can be read or written by a public or anonymous user.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-122 · CAPEC-127 · CAPEC-17 · CAPEC-180 · CAPEC-206 · CAPEC-234 · CAPEC-60 · CAPEC-61 · CAPEC-62 · CAPEC-642

CVEs mapped to this weakness (623)

page 23 of 32
  • CVE-2026-50590 · Med · Jun 5, 2026
    risk 0.29 · cvss 4.5 · epss 0.00

    In Mimecast Incydr before 2.6.0, arbitrary file access can occur.

  • CVE-2026-45246 · Med · May 18, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration…

  • CVE-2026-7431 · Med · May 12, 2026
    risk 0.29 · cvss 4.4 · epss 0.00

    An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section.

  • CVE-2026-41686 · Med · May 4, 2026
    risk 0.29 · cvss 4.4 · epss 0.00

    Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the…

  • CVE-2026-41366 · Med · Apr 28, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive…

  • CVE-2023-38037 · Med · Jan 9, 2025
    risk 0.29 · cvss 5.5 · epss 0.00

    ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary…

  • CVE-2024-27883 · Med · Jul 29, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.

  • CVE-2018-5540 · Med · Jul 19, 2018
    risk 0.29 · cvss 4.4 · epss 0.00

    On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges…

  • CVE-2026-42058 · Med · May 13, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2025-52923 · Med · Jun 22, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Sangfor aTrust through 2.4.10 allows users to modify the ExecStartPre command.

  • CVE-2023-6506 · Med · Jan 11, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible…

  • CVE-2018-15869 · Med · Aug 25, 2018
    risk 0.28 · cvss 5.3 · epss 0.02

    An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious…

  • CVE-2018-10856 · Med · Jul 3, 2018
    risk 0.28 · cvss 5.3 · epss 0.01

    It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.

  • CVE-2018-12615 · Med · Jun 21, 2018
    risk 0.28 · cvss 5.3 · epss 0.01

    An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while…

  • CVE-2017-2612 · Med · May 15, 2018
    risk 0.28 · cvss 5.4 · epss 0.02

    In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

  • CVE-2017-16754 · Med · Nov 10, 2017
    risk 0.28 · cvss 5.3 · epss 0.02

    Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.

  • CVE-2017-5118 · Med · Oct 27, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2017-2115 · Med · Apr 28, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.

  • CVE-2017-0884 · Med · Apr 5, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this…

  • CVE-2026-8612 · Med · May 15, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under…