VYPR

CWE-732

Incorrect Permission Assignment for Critical Resource

Class · Draft · Likelihood: High

Description

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

When a resource is given a permission setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution, or sensitive user data. For example, consider a misconfigured storage account for the cloud that can be read or written by a public or anonymous user.

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-122 · CAPEC-127 · CAPEC-17 · CAPEC-180 · CAPEC-206 · CAPEC-234 · CAPEC-60 · CAPEC-61 · CAPEC-62 · CAPEC-642

CVEs mapped to this weakness (623)

  • CVE-2018-1000649 · High · Aug 20, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appears to be…

  • CVE-2018-5490 · High · Aug 3, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running…

  • CVE-2018-1000209 · High · Jul 13, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains an Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. This attack appears to be exploitable via…

  • CVE-2018-14043 · Critical · Jul 13, 2018
    risk 0.57 · cvss 9.8 · epss 0.02

    mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access) during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker…

  • CVE-2018-11116 · High · Jun 19, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the…

  • CVE-2018-12027 · High · Jun 17, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent…

  • CVE-2018-4220 · High · Jun 8, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are…

  • CVE-2018-11194 · High · Jun 2, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6).

  • CVE-2018-11193 · High · Jun 2, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6).

  • CVE-2018-11192 · High · Jun 2, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6).

  • CVE-2018-11191 · High · Jun 2, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6).

  • CVE-2018-10519 · High · Apr 27, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this…

  • CVE-2018-10204 · High · Apr 18, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at…

  • CVE-2018-1000158 · High · Apr 18, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    cmsmadesimple version 2.2.7 contains an Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;" that can result in Administrator Password Reset Poisoning, specifically a reset URL…

  • CVE-2018-1231 · High · Mar 27, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH.

  • CVE-2018-6623 · High · Mar 12, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation.…

  • CVE-2018-7311 · High · Feb 21, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. The software installs a privileged helper tool that runs as the root user. This privileged helper tool is installed as a LaunchDaemon and implements an XPC service. The XPC service is responsible…

  • CVE-2017-1000403 · High · Jan 26, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts.

  • CVE-2017-9514 · High · Oct 12, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code…

  • CVE-2017-1000096 · High · Oct 5, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular…