CWE-732
Incorrect Permission Assignment for Critical Resource
Description
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-1 · CAPEC-122 · CAPEC-127 · CAPEC-17 · CAPEC-180 · CAPEC-206 · CAPEC-234 · CAPEC-60 · CAPEC-61 · CAPEC-62 · CAPEC-642
CVEs mapped to this weakness (623)
Page 29 of 32

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-0532 | 0.00 | — | 0.01 | Feb 9, 2022 | An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. |
| CVE-2022-0277 | 0.00 | — | 0.01 | Jan 20, 2022 | Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-21694 | 0.00 | — | 0.01 | Jan 18, 2022 | OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not… |
| CVE-2022-20618 | 0.00 | — | 0.01 | Jan 12, 2022 | A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2022-20616 | 0.00 | — | 0.01 | Jan 12, 2022 | Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file. |
| CVE-2022-20614 | 0.00 | — | 0.01 | Jan 12, 2022 | A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. |
| CVE-2021-43998 | 0.00 | — | 0.01 | Nov 30, 2021 | HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed… |
| CVE-2021-39235 | 0.00 | — | 0.01 | Nov 19, 2021 | In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block. |
| CVE-2021-41170 | 0.00 | — | 0.02 | Nov 8, 2021 | neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a… |
| CVE-2021-41802 | 0.00 | — | 0.01 | Oct 8, 2021 | HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and… |
| CVE-2021-41091 | 0.00 | — | 0.03 | Oct 4, 2021 | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise… |
| CVE-2021-22147 | 0.00 | — | 0.01 | Sep 15, 2021 | Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view. |
| CVE-2021-38557 | 0.00 | — | 0.02 | Aug 24, 2021 | raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite… |
| CVE-2021-32760 | 0.00 | — | 0.02 | Jul 19, 2021 | containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file… |
| CVE-2021-25318 | 0.00 | — | 0.01 | Jul 15, 2021 | A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9 ; Rancher versions prior to 2.4.16. |
| CVE-2021-32729 | 0.00 | — | 0.01 | Jul 1, 2021 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service method used to reset the authentication failures record can be executed by any user… |
| CVE-2021-32717 | 0.00 | — | 0.01 | Jun 24, 2021 | Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 private files publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommend to first change their configuration to set the correct visibility according to the… |
| CVE-2020-1742 | 0.00 | — | 0.00 | Jun 7, 2021 | An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.… |
| CVE-2020-1701 | 0.00 | — | 0.01 | May 27, 2021 | A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret. |
| CVE-2021-33509 | 0.00 | — | 0.02 | May 21, 2021 | Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. |