CWE-281

Improper Preservation of Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

329 vulnerabilities with CWE-281
CVE-2023-45807 MEDIUM
OpenSearch < 1.3.14.0 and OpenSearch Security Plugin 2.0.0.0-2.10.0.0 - Authenticated Unauthorized Metadata Modification
CVSS 5.4
CVE-2023-30735 MEDIUM
SAssistant < 8.7 - Unauthorized Backup Data Access
CVSS 5.1
CVE-2023-41939 HIGH
Jenkins SSH2 Easy Plugin <1.4 - Privilege Escalation
CVSS 8.8
CVE-2023-31926 HIGH
Brocade Fabric OS <9.1.1c, 9.2.0 - Code Injection
CVSS 7.1
CVE-2023-1386 LOW
QEMU - Improper Preservation of Permissions in 9p Passthrough Filesystem
CVSS 3.3
CVE-2023-34034 CRITICAL
Spring Security 5.6.0-5.6.11, 5.7.0-5.7.8, 5.8.0-5.8.3, 6.0.0-6.0.3, 6.1.0 - Security Bypass
CVSS 9.1
CVE-2023-21249 MEDIUM
OneTimePermissionUserManager - Privilege Escalation
CVSS 5.5
CVE-2023-35938 MEDIUM
Tuleap <14.9.99.63 - Privilege Escalation
CVSS 4.1
CVE-2023-2818 MEDIUM
Insider Threat Management Agent <7.14.3 - Info Disclosure
CVSS 5.5
CVE-2023-32552 MEDIUM
Trend Micro Apex One/Apex One as a Service - Info Disclosure
CVSS 5.3
CVE-2023-2993 MEDIUM
Lenovo NextScale N1200 Enclosure Firmware < fhet60b-3.40 - Authenticated Privilege Escalation via Web Management API
CVSS 5.4
CVE-2023-34672 HIGH
Elenos ETG150 FM <3.12 - Privilege Escalation
CVSS 8.8
CVE-2023-32400 MEDIUM
iPadOS < 16.5 - Improper Preservation of Permissions
CVSS 5.5
CVE-2023-32388 MEDIUM
iPadOS < 15.7.6 - Privacy Bypass via Log Entry Data Exposure
CVSS 5.5
CVE-2023-32355 MEDIUM
macOS 11.0-11.7.6 - Unprotected File System Modification via Logic Issue
CVSS 5.5
CVE-2023-28161 HIGH
Firefox < 111.0 - Permission Persistence via File URL Handling
CVSS 8.8
CVE-2023-31923 HIGH
Suprema BioStar 2 <2022 Q4 v2.9.1 - Privilege Escalation
CVSS 8.8
CVE-2023-0975 HIGH
Trellix Agent for Windows <5.7.8 - Privilege Escalation
CVSS 8.2
CVE-2023-28668 CRITICAL
Jenkins Role-based Authorization Strategy Plugin <587.v2872c41fa_e5...
CVSS 9.8
CVE-2023-28647 MEDIUM
Nextcloud iOS <4.7.0 - Privilege Escalation
CVSS 4.4
CVE-2023-28646 MEDIUM
Nextcloud Android <3.24.1 - Info Disclosure
CVSS 4.4
CVE-2023-28642 MEDIUM
runc < 1.1.5 - AppArmor Bypass via Symlinked /proc
CVSS 6.1
CVE-2023-25809 MEDIUM
runc < 1.1.5 - Unauthenticated Permission Overwrite in /sys/fs/cgroup
CVSS 5.0
CVE-2023-25817 LOW
Nextcloud Server 24.0.0-24.0.8 - Unauthorized File Deletion via Permission Escalation
CVSS 3.5
CVE-2023-21464 MEDIUM
Samsung Calendar <12.4.02.9000-12.3.08.2000 - Info Disclosure
CVSS 4.0