CWE-732
Incorrect Permission Assignment for Critical Resource
Description
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-1 · CAPEC-122 · CAPEC-127 · CAPEC-17 · CAPEC-180 · CAPEC-206 · CAPEC-234 · CAPEC-60 · CAPEC-61 · CAPEC-62 · CAPEC-642
CVEs mapped to this weakness (623)
page 23 of 32| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-50590 | Med | 0.29 | 4.5 | 0.00 | Jun 5, 2026 | In Mimecast Incydr before 2.6.0, arbitrary file access can occur. | ||
| CVE-2026-45246 | Med | 0.29 | 5.5 | 0.00 | May 18, 2026 | Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration… | ||
| CVE-2026-7431 | Med | 0.29 | 4.4 | 0.00 | May 12, 2026 | An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section. | ||
| CVE-2026-41686 | Med | 0.29 | 4.4 | 0.00 | May 4, 2026 | Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the… | ||
| CVE-2026-41366 | Med | 0.29 | 5.5 | 0.00 | Apr 28, 2026 | OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive… | ||
| CVE-2023-38037 | Med | 0.29 | 5.5 | 0.00 | Jan 9, 2025 | ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary… | ||
| CVE-2024-27883 | Med | 0.29 | 4.4 | 0.00 | Jul 29, 2024 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system. | ||
| CVE-2018-5540 | Med | 0.29 | 4.4 | 0.00 | Jul 19, 2018 | On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges… | ||
| CVE-2026-42058 | — | Med | 0.28 | 4.3 | 0.00 | May 13, 2026 | An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |
| CVE-2025-52923 | Med | 0.28 | 4.3 | 0.00 | Jun 22, 2025 | Sangfor aTrust through 2.4.10 allows users to modify the ExecStartPre command. | ||
| CVE-2023-6506 | Med | 0.28 | 4.3 | 0.00 | Jan 11, 2024 | The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible… | ||
| CVE-2018-15869 | — | Med | 0.28 | 5.3 | 0.02 | Aug 25, 2018 | An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious… | |
| CVE-2018-10856 | Med | 0.28 | 5.3 | 0.01 | Jul 3, 2018 | It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container. | ||
| CVE-2018-12615 | — | Med | 0.28 | 5.3 | 0.01 | Jun 21, 2018 | An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while… | |
| CVE-2017-2612 | — | Med | 0.28 | 5.4 | 0.02 | May 15, 2018 | In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK. | |
| CVE-2017-16754 | Med | 0.28 | 5.3 | 0.02 | Nov 10, 2017 | Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. | ||
| CVE-2017-5118 | Med | 0.28 | 4.3 | 0.01 | Oct 27, 2017 | Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||
| CVE-2017-2115 | Med | 0.28 | 4.3 | 0.01 | Apr 28, 2017 | Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. | ||
| CVE-2017-0884 | Med | 0.28 | 4.3 | 0.01 | Apr 5, 2017 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this… | ||
| CVE-2026-8612 | Med | 0.27 | 5.3 | 0.00 | May 15, 2026 | WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under… |
- risk 0.29cvss 4.5epss 0.00
In Mimecast Incydr before 2.6.0, arbitrary file access can occur.
- risk 0.29cvss 5.5epss 0.00
Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration…
- risk 0.29cvss 4.4epss 0.00
An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section.
- risk 0.29cvss 4.4epss 0.00
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the…
- risk 0.29cvss 5.5epss 0.00
OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive…
- risk 0.29cvss 5.5epss 0.00
ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary…
- risk 0.29cvss 4.4epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.
- risk 0.29cvss 4.4epss 0.00
On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges…
- risk 0.28cvss 4.3epss 0.00
An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- risk 0.28cvss 4.3epss 0.00
Sangfor aTrust through 2.4.10 allows users to modify the ExecStartPre command.
- risk 0.28cvss 4.3epss 0.00
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible…
- risk 0.28cvss 5.3epss 0.02
An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious…
- risk 0.28cvss 5.3epss 0.01
It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.
- risk 0.28cvss 5.3epss 0.01
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while…
- risk 0.28cvss 5.4epss 0.02
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
- risk 0.28cvss 5.3epss 0.02
Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.
- risk 0.28cvss 4.3epss 0.01
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
- risk 0.28cvss 4.3epss 0.01
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this…
- risk 0.27cvss 5.3epss 0.00
WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under…