VYPR

CWE-732

Incorrect Permission Assignment for Critical Resource

Class · Draft · Likelihood: High

Description

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

When a resource is given a permission setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution, or sensitive user data. For example, consider a misconfigured storage account for the cloud that can be read or written by a public or anonymous user.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-122 · CAPEC-127 · CAPEC-17 · CAPEC-180 · CAPEC-206 · CAPEC-234 · CAPEC-60 · CAPEC-61 · CAPEC-62 · CAPEC-642

CVEs mapped to this weakness (623)

page 25 of 32
  • CVE-2017-1716 · Low · Dec 13, 2017
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638.

  • CVE-2018-1551 · Low · Aug 6, 2018
    risk 0.20 · cvss 3.1 · epss 0.01

    IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.

  • CVE-2017-15352 · Low · Feb 15, 2018
    risk 0.20 · cvss 3.1 · epss 0.00

    Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10,…

  • CVE-2026-32684 · Low · May 12, 2026
    risk 0.19 · cvss 2.9 · epss 0.00

    The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information.

  • CVE-2026-6499 · Low · May 4, 2026
    risk 0.16 · cvss n/a · epss 0.00

    Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5.

  • CVE-2026-6842 · Low · Apr 22, 2026
    risk 0.16 · cvss 2.5 · epss 0.00

    A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows the attacker to inject a malicious `.desktop` launcher, which could lead to…

  • CVE-2018-4238 · Low · Jun 8, 2018
    risk 0.16 · cvss 2.4 · epss 0.00

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and enable Siri.

  • CVE-2026-21727 · Low · Apr 15, 2026
    risk 0.14 · cvss 3.3 · epss 0.00

    --- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: "# Cross-Tenant Legacy Correlation Disclosure and Deletion" date: 2026-01-29 product: Grafana severity: Low cve: CVE-2026-21727 cvss_score:…

  • CVE-2026-21715 · Low · Mar 30, 2026
    risk 0.14 · cvss 3.3 · epss 0.00

    A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under `--permission` with restricted…

  • CVE-2021-25646 · Jan 29, 2021
    risk 0.11 · cvss n/a · epss 0.99

    Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an…

  • CVE-2011-3923 · Nov 1, 2019
    risk 0.10 · cvss n/a · epss 0.89

    Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

  • CVE-2021-21809 · Jun 23, 2021
    risk 0.09 · cvss n/a · epss 0.24

    A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerability.

  • CVE-2021-44521 · Feb 11, 2022
    risk 0.07 · cvss n/a · epss 0.55

    When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would…

  • CVE-2021-37305 · Feb 3, 2023
    risk 0.05 · cvss n/a · epss 0.04

    An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin.

  • CVE-2021-37304 · Feb 3, 2023
    risk 0.04 · cvss n/a · epss 0.04

    An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.

  • CVE-2026-54327 · Low · Jun 17, 2026
    risk 0.00 · cvss n/a · epss 0.00

    # Pi auth.json writes could briefly expose stored credentials to local users Pi stored API keys and OAuth credentials in `auth.json`. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before…

  • CVE-2026-3113 · Mar 26, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to set permissions on downloaded bulk export which allows other local users on the server to be able to read contents of the bulk export. Mattermost Advisory ID: MMSA-2026-00593

  • CVE-2026-32048 · Mar 21, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit this to spawn child runtimes…

  • CVE-2026-28563 · Mar 17, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users…

  • CVE-2026-26929 · Mar 17, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag_id set to "~" (wildcard for all DAGs). As a result, version metadata of DAGs that the requester is not authorized to…