CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,662 vulnerabilities with CWE-732

CVE-2023-33695 (HIGH, CVSS 7.1): Hutool < 5.8.17 - Information Disclosure via File.createTempFile()
CVE-2023-31238 (MEDIUM, CVSS 5.5): SICAM P850 <V3.11 - Info Disclosure
CVE-2023-30897 (HIGH, CVSS 7.8): SIMATIC WinCC < 7.5.2.13 - Authenticated Privilege Escalation via Installation Folder Permissions
CVE-2023-2876 (LOW, CVSS 3.1): ABB REX640 PCL1 < 1.0.8, PCL2 < 1.1.4, PCL3 < 1.2.1 - Cross-Site Scripting via Sensitive Cookie Without HttpOnly Flag
CVE-2023-32114 (LOW, CVSS 2.7): SAP NetWeaver 702-757 - Authenticated Denial of Service via Benchmark Program Abuse
CVE-2023-28399 (HIGH, CVSS 7.8): CONPROSYS HMI System < 3.5.3 - Incorrect Permission Assignment for Critical Resource
CVE-2023-28346 (HIGH, CVSS 7.3): Faronics Insight 10.0.19045 - Unauthenticated Access to Private API Endpoints via Virtual Host Routing Bypass
CVE-2023-31874 (HIGH, CVSS 8.8): Yank Note 3.52.1 - Arbitrary Code Execution via Crafted File
CVE-2023-31748 (HIGH, CVSS 7.8): MobileTrans <4.0.11 - Privilege Escalation
CVE-2023-31454 (HIGH, CVSS 7.5): Apache InLong <1.7.0 - Privilege Escalation
CVE-2023-31453 (HIGH, CVSS 7.5): Apache InLong <1.7.0 - Privilege Escalation
CVE-2023-33251 (MEDIUM, CVSS 4.7): Akka HTTP <10.5.2 - Info Disclosure
CVE-2023-1692 (HIGH, CVSS 7.5): Window Management Module - Info Disclosure
CVE-2023-31871 (HIGH, CVSS 7.8): OpenText Documentum Content Server <23.2 - Privilege Escalation
CVE-2023-33004 (MEDIUM, CVSS 4.3): Jenkins Tag Profiler Plugin < 0.2 - Unauthenticated Statistics Reset via Missing Permission Check
CVE-2023-32992 (HIGH, CVSS 8.8): Jenkins SAML Single Sign On Plugin < 2.0.2 - Server-Side Request Forgery and XML External Entity Injection
CVE-2023-32990 (MEDIUM, CVSS 6.5): Jenkins Azure VM Agents Plugin < 852.v8d35f0960a_43 - Missing Permission Check for Azure Cloud Server Connection
CVE-2023-32986 (HIGH, CVSS 8.8): Jenkins File Parameter Plugin < 285.287.v4b_7b_29d3469d - Arbitrary File Write via Stashed File Parameter Name
CVE-2023-32979 (MEDIUM, CVSS 4.3): Jenkins Email Extension Plugin < 2.96 - Unauthenticated File Existence Disclosure via Form Validation
CVE-2023-32303 (MEDIUM, CVSS 5.2): Planet < 2.0.1 - Incorrect Permission Assignment for Critical Resource
CVE-2023-28522 (MEDIUM, CVSS 4.3): IBM API Connect V10 - Privilege Escalation
CVE-2023-31445 (MEDIUM, CVSS 5.3): Cassia Access controller <2.1.1.2203171453 - Info Disclosure
CVE-2023-29092 (LOW, CVSS 3.1): Samsung Exynos Modem 5123, 5300, 980, and 1080 - Improper Handling of Exceptional Conditions
CVE-2023-2478 (CRITICAL, CVSS 9.6): GitLab 15.4-15.9.6, 15.10-15.10.5, 15.11-15.11.1 - Unauthorized Runner Attachment via GraphQL Endpoint
CVE-2023-28068 (HIGH, CVSS 7.3): Dell Command Monitor < 10.9 - Authenticated Privilege Escalation via Improper Folder Permissions