CWE-732
Incorrect Permission Assignment for Critical Resource
Description
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-1 · CAPEC-122 · CAPEC-127 · CAPEC-17 · CAPEC-180 · CAPEC-206 · CAPEC-234 · CAPEC-60 · CAPEC-61 · CAPEC-62 · CAPEC-642
CVEs mapped to this weakness (623)
page 5 of 32| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000649 | Hig | 0.57 | 8.8 | 0.03 | Aug 20, 2018 | LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be… | ||
| CVE-2018-5490 | Hig | 0.57 | 8.8 | 0.01 | Aug 3, 2018 | Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running… | ||
| CVE-2018-1000209 | Hig | 0.57 | 8.8 | 0.01 | Jul 13, 2018 | Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. This attack appear to be exploitable via… | ||
| CVE-2018-14043 | Cri | 0.57 | 9.8 | 0.02 | Jul 13, 2018 | mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access) during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker… | ||
| CVE-2018-11116 | Hig | 0.57 | 8.8 | 0.02 | Jun 19, 2018 | OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the… | ||
| CVE-2018-12027 | — | Hig | 0.57 | 8.8 | 0.01 | Jun 17, 2018 | An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent… | |
| CVE-2018-4220 | Hig | 0.57 | 8.8 | 0.02 | Jun 8, 2018 | An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are… | ||
| CVE-2018-11194 | Hig | 0.57 | 8.8 | 0.03 | Jun 2, 2018 | Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6). | ||
| CVE-2018-11193 | Hig | 0.57 | 8.8 | 0.03 | Jun 2, 2018 | Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). | ||
| CVE-2018-11192 | Hig | 0.57 | 8.8 | 0.03 | Jun 2, 2018 | Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6). | ||
| CVE-2018-11191 | Hig | 0.57 | 8.8 | 0.03 | Jun 2, 2018 | Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6). | ||
| CVE-2018-10519 | Hig | 0.57 | 8.8 | 0.01 | Apr 27, 2018 | CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this… | ||
| CVE-2018-10204 | Hig | 0.57 | 8.8 | 0.02 | Apr 18, 2018 | PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at… | ||
| CVE-2018-1000158 | Hig | 0.57 | 8.8 | 0.01 | Apr 18, 2018 | cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;" that can result in Administrator Password Reset Poisoning, specifically a reset URL… | ||
| CVE-2018-1231 | Hig | 0.57 | 8.8 | 0.01 | Mar 27, 2018 | Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH. | ||
| CVE-2018-6623 | Hig | 0.57 | 8.8 | 0.01 | Mar 12, 2018 | An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation.… | ||
| CVE-2018-7311 | Hig | 0.57 | 8.8 | 0.02 | Feb 21, 2018 | PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. The software installs a privileged helper tool that runs as the root user. This privileged helper tool is installed as a LaunchDaemon and implements an XPC service. The XPC service is responsible… | ||
| CVE-2017-1000403 | — | Hig | 0.57 | 8.8 | 0.01 | Jan 26, 2018 | Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts. | |
| CVE-2017-9514 | Hig | 0.57 | 8.8 | 0.01 | Oct 12, 2017 | Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code… | ||
| CVE-2017-1000096 | Hig | 0.57 | 8.8 | 0.02 | Oct 5, 2017 | Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular… |
- risk 0.57cvss 8.8epss 0.03
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be…
- risk 0.57cvss 8.8epss 0.01
Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running…
- risk 0.57cvss 8.8epss 0.01
Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. This attack appear to be exploitable via…
- risk 0.57cvss 9.8epss 0.02
mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access) during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker…
- risk 0.57cvss 8.8epss 0.02
OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the…
- risk 0.57cvss 8.8epss 0.01
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent…
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are…
- risk 0.57cvss 8.8epss 0.03
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6).
- risk 0.57cvss 8.8epss 0.03
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6).
- risk 0.57cvss 8.8epss 0.03
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6).
- risk 0.57cvss 8.8epss 0.03
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6).
- risk 0.57cvss 8.8epss 0.01
CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this…
- risk 0.57cvss 8.8epss 0.02
PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at…
- risk 0.57cvss 8.8epss 0.01
cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;" that can result in Administrator Password Reset Poisoning, specifically a reset URL…
- risk 0.57cvss 8.8epss 0.01
Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation.…
- risk 0.57cvss 8.8epss 0.02
PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. The software installs a privileged helper tool that runs as the root user. This privileged helper tool is installed as a LaunchDaemon and implements an XPC service. The XPC service is responsible…
- risk 0.57cvss 8.8epss 0.01
Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts.
- risk 0.57cvss 8.8epss 0.01
Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code…
- risk 0.57cvss 8.8epss 0.02
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular…