CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,662 vulnerabilities with CWE-732
CVE-2023-42924 MEDIUM
macOS 13.0-13.6.2 - Unprotected User Data Exposure via Logic Issue
CVSS 5.5
CVE-2023-50446 HIGH
Mullvad VPN < 2023.6-beta1 - Privilege Escalation via Insufficient Directory Permissions
CVSS 7.8
CVE-2023-49797 HIGH
PyInstaller < 5.13.1 - Unauthenticated Arbitrary File Deletion via Temporary File Symlink Race Condition
CVSS 8.8
CVE-2023-40302 CRITICAL
NETSCOUT nGeniusPULSE 3.8 - Weak File Permissions
CVSS 9.1
CVE-2023-49946 CRITICAL
Forgejo < 1.20.5-1 - Unauthorized Access to Private Repository Objects
CVSS 9.1
CVE-2023-29065 MEDIUM
FACSChorus - Unprotected Database Access via Inherited User Privileges
CVSS 4.1
CVE-2023-5651 MEDIUM
WP Hotel Booking < 2.0.8 - Authenticated Arbitrary Post Deletion via Missing Authorization
CVSS 5.4
CVE-2023-6179 HIGH
Honeywell ProWatch 4.5 - Incorrect Permission Assignment for Critical Resource in Application Server Executable Folder
CVSS 7.8
CVE-2023-48087 MEDIUM
xxl-job-admin 2.4.0 - Insecure Permission Assignment via Job Log Endpoints
CVSS 5.4
CVE-2023-39230 MEDIUM
Intel Rapid Storage Technology <16.8.5.1014.9 - Privilege Escalation
CVSS 6.7
CVE-2023-34997 MEDIUM
Intel Server Configuration Utility < 16.0.9 - Authenticated Privilege Escalation via Insecure Inherited Permissions
CVSS 6.7
CVE-2023-34314 MEDIUM
Intel Simics Simulator < 1.7.2 - Authenticated Privilege Escalation via Insecure Inherited Permissions
CVSS 6.7
CVE-2023-36633 MEDIUM
FortiMail <7.2.2, >7.0.4 - Auth Bypass
CVSS 5.4
CVE-2023-47801 MEDIUM
Click Studios Passwordstate < 9.8 - Unauthorized Private Password Record Access via API Endpoint
CVSS 4.7
CVE-2023-28134 HIGH
Check Point Harmony Endpoint/ZoneAlarm Extreme Security - Privilege Escalation via Incorrect Permission Assignment
CVSS 7.8
CVE-2023-3282 MEDIUM
Cortex XSOAR < 6.10.0 - Local Privilege Escalation via Engine Software
CVSS 6.4
CVE-2023-5136 MEDIUM
TopoGrafix DataPlugin - Info Disclosure
CVSS 5.5
CVE-2023-46449 HIGH
inventory_management_system 1.0 - Incorrect Access Control via Password Change IDOR
CVSS 8.8
CVE-2023-42861 MEDIUM
macOS 14.0 - Unprotected User Data Exposure via Lock Screen Bypass
CVSS 6.5
CVE-2023-42489 HIGH
EisBaer Scada < 3.0.6433.1964 - Incorrect Permission Assignment for Critical Resource
CVSS 7.5
CVE-2023-40361 HIGH
SECUDOS Qiata 4.13 - Privilege Escalation via Insecure previewRm.sh Cronjob Permissions
CVSS 7.8
CVE-2023-34437 HIGH
Bently Nevada 3500 System TDI Firmware 5.05 - Exposure of Sensitive Information via Password Retrieval Functionality
CVSS 7.5
CVE-2023-44201 MEDIUM
Junos OS and Junos OS Evolved - Authenticated Privilege Escalation via Configuration File Permission Bypass
CVSS 5.0
CVE-2023-32724 CRITICAL
Zabbix < 5.0.36 - Incorrect Permission Assignment
CVSS 9.1
CVE-2023-32723 HIGH
Zabbix 4.0.0-4.0.18 - Unauthenticated LDAP Request Permission Bypass
CVSS 8.5
Details
Vulnerabilities 1,662
Exploit Likelihood High