CWE-276

Medium likelihood

Incorrect Default Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

During installation, installed file permissions are set to allow anyone to modify those files.

1,512 vulnerabilities with CWE-276
CVE-2022-0486 [MEDIUM, CVSS 4.4]: Fidelis Network & Deception <9.4.5 - Privilege Escalation
CVE-2022-24890 [LOW, CVSS 2.4]: Nextcloud Talk < 13.0.5 - Unauthorized Exposure of Private Personal Information via Call Moderator Permissions
CVE-2022-30375 [MEDIUM, CVSS 6.5]: Simple Social Networking Site 1.0 - Unauthenticated Arbitrary File Deletion via Master.php delete_img Parameter
CVE-2022-30367 [MEDIUM, CVSS 6.5]: Air Cargo Management System 1.0 - Unauthenticated Arbitrary File Deletion via Master.php delete_img Parameter
CVE-2022-23802 [HIGH, CVSS 7.5]: Joomla Guru extension 5.2.5 - Info Disclosure
CVE-2022-29585 [HIGH, CVSS 7.5]: Mahara < 20.10.5, 21.04.4, 21.10.2, 22.04.0 - Unauthorized Group Data Exposure via Isolated Institutions
CVE-2022-28218 [MEDIUM, CVSS 5.5]: CipherMail Webmail Messenger 1.1.1-4.1.4 - Unprotected Secret Key Exposure via Roundcube Configuration File
CVE-2022-20732 [HIGH, CVSS 7.8]: Cisco Virtualized Infrastructure Manager < 4.2.2 - Authenticated Privilege Escalation via Configuration File Access
CVE-2022-29547 [HIGH, CVSS 7.5]: CreateRedirect < 2022-04-14 - Unauthenticated Page Edit via Permission Bypass
CVE-2022-26595 [MEDIUM, CVSS 4.3]: Liferay Portal/DXP - Info Disclosure
CVE-2022-27652 [MEDIUM, CVSS 5.3]: cri-o < 1.24.0 - Incorrect Default Permissions
CVE-2022-27840 [MEDIUM, CVSS 4.4]: Samsung Recovery < 8.1.43.0 - Unauthenticated Arbitrary File Deletion via Improper Access Control
CVE-2022-24804 [MEDIUM, CVSS 5.3]: Discourse < 2.8.3 - Unauthorized Group Name Exposure via Category Permissions
CVE-2022-27960 [MEDIUM, CVSS 5.4]: ofcms 1.1.4 - Arbitrary User Information Modification via SysUserController.java user_id Parameter
CVE-2022-27958 [MEDIUM, CVSS 5.4]: FEBS-Security 1.0 - Unauthenticated Arbitrary User Profile Modification via UserID Parameter
CVE-2022-26855 [MEDIUM, CVSS 5.5]: Dell PowerScale OneFS 8.2.x-9.3.0.x - Denial of Service via Incorrect Default Permissions
CVE-2022-22518 [MEDIUM, CVSS 6.5]: CODESYS Control Runtime System Toolkit 3.5.17.0 - Incorrect Default Permissions in CmpUserMgr
CVE-2022-27651 [MEDIUM, CVSS 6.8]: buildah < 1.25.0 - Incorrect Default Permissions
CVE-2022-27650 [HIGH, CVSS 7.5]: crun < 1.4.4 - Incorrect Default Permissions
CVE-2022-27649 [HIGH, CVSS 7.5]: Podman < 4.0.3 - Incorrect Default Permissions
CVE-2022-22948 [MEDIUM, KEV, CVSS 6.5]: VMware Cloud Foundation 3.0-3.10 - Information Disclosure via Improper File Permissions
CVE-2022-26839 [HIGH, CVSS 7.8]: Delta Electronics DIAEnergie <1.8.02.004 - Code Injection
CVE-2022-27919 [CRITICAL, CVSS 9.8]: Gradle Enterprise >=2020.4 <2021.4.3 - Remote Code Execution via Default Configuration
CVE-2022-25570 [MEDIUM, CVSS 6.5]: Click Studios Passwordstate 9435 - Authenticated Permission Escalation via Default Permission Model
CVE-2022-25364 [HIGH, CVSS 8.1]: Gradle Enterprise < 2021.4.2 - Unauthenticated Remote Code Execution via Default Build Cache Configuration