CWE-281

Improper Preservation of Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

329 vulnerabilities with CWE-281
CVE-2024-22177 LOW
OpenHarmony < 3.2.4 - Local Denial of Service via Permission Handling
CVSS 3.3
CVE-2024-29735 MEDIUM
Apache Airflow <2.8.3 - Privilege Escalation
CVSS 5.3
CVE-2024-30187 MEDIUM
Anope <2.0.15 - Privilege Escalation
CVSS 5.3
CVE-2024-28746 HIGH
Apache Airflow <2.8.3 - Info Disclosure
CVSS 8.1
CVE-2024-28152 MEDIUM
Jenkins Bitbucket Branch Source Plugin <866.vdea_7dcd3008e - Info D...
CVSS 6.3
CVE-2024-21816 MEDIUM
OpenHarmony <= 4.0.0 - Information Disclosure via Improper Permission Preservation
CVSS 4.0
CVE-2024-0674 MEDIUM
Lamassu Bitcoin ATM Douro 7.1 - Privilege Escalation
CVSS 6.3
CVE-2024-22404 MEDIUM
Nextcloud Files Zip <1.2.1-1.5.0 - Info Disclosure
CVSS 4.1
CVE-2024-22402 MEDIUM
Nextcloud Guests < 2.4.1 - Permissions Bypass via App Page Access
CVSS 5.4
CVE-2024-22401 MEDIUM
Nextcloud Guests <2.4.1-3.0.1 - Privilege Escalation
CVSS 4.1
CVE-2023-32199 MEDIUM
Rancher Manager - Privilege Escalation
CVSS 4.3
CVE-2023-42231 HIGH
Zucchetti HelpdeskAdvanced <= 11.0.33 - Incorrect Access Control
CVSS 8.1
CVE-2023-42228 HIGH
Zucchetti HelpdeskAdvanced <= 11.0.33 - Incorrect Access Control
CVSS 8.8
CVE-2023-42867 HIGH
GarageBand <10.4.9 - Privilege Escalation
CVSS 7.8
CVE-2023-25646 HIGH
ZTE ZXHN H388X Firmware - Unauthenticated Privilege Escalation via Serial Port Brute-Force
CVSS 7.1
CVE-2023-52542 MEDIUM
Huawei EMUI and HarmonyOS - Denial of Service via Permission Verification Bypass
CVSS 6.5
CVE-2023-49932 MEDIUM
Couchbase Server <7.2.4 - Auth Bypass
CVSS 5.4
CVE-2023-52373 HIGH
Content Sharing Pop-up - Info Disclosure
CVSS 7.5
CVE-2023-6186 HIGH
LibreOffice 7.5.0-7.5.8 - Built-In Macro Execution Without Warning
CVSS 8.3
CVE-2023-47463 CRITICAL
GL.iNet AX1800 4.0.0-4.4.9 - Unauthenticated Remote Code Execution via gl_nas_sys Authentication Function
CVSS 9.8
CVE-2023-6239 MEDIUM
M-Files Server <23.11.13168.7 - Privilege Escalation
CVSS 5.4
CVE-2023-48240 CRITICAL
XWiki 11.10.1-14.10.14 - Cookie Theft and Server-Side Request Forgery via Diff Image Embedding
CVSS 9.0
CVE-2023-43612 HIGH
OpenHarmony <3.2.2 - Info Disclosure
CVSS 8.4
CVE-2023-4996 MEDIUM
Netskope NSClient <100 - Privilege Escalation
CVSS 6.6
CVE-2023-39902 HIGH
NXP U-Boot Secondary Program Loader < 2023.07 - Unauthenticated Privilege Escalation via Crafted FIT Structure
CVSS 7.0