CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,662 vulnerabilities with CWE-732
CVE-2023-30399 HIGH
GARO Wallbox GLB/GTB/GTC < 189 - Insecure Permission Assignment in Settings Page
CVSS 8.1
CVE-2023-25438 HIGH
Genomedics MilleGP5 5.9.2 - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2023-0834 HIGH
HYPR Workforce Access 6.12.0-8.0.0 - Privilege Escalation via Incorrect Permission Assignment
CVSS 7.0
CVE-2023-0207 HIGH
NVIDIA DGX-2 - Privilege Escalation
CVSS 7.5
CVE-2023-28123 MEDIUM
UI Desktop < 0.62.3.0 - VPN Credential Hijack via Permission Misconfiguration
CVSS 5.5
CVE-2023-30606 MEDIUM
Discourse - Denial of Service via SiteSetting Method Injection
CVSS 4.2
CVE-2023-22294 HIGH
Tribe29 Checkmk Appliance <1.6.4 - Privilege Escalation
CVSS 8.8
CVE-2023-28960 HIGH
Juniper Networks Junos OS Evolved - Privilege Escalation
CVSS 8.2
CVE-2023-30512 MEDIUM
CubeFS <= 3.2.1 - Kubernetes Cluster Privilege Escalation via DaemonSet Role Assignment
CVSS 6.5
CVE-2023-1939 MEDIUM
Devolutions Remote Desktop Manager <2022.3.33.0 - Info Disclosure
CVSS 4.3
CVE-2023-24626 MEDIUM
GNU Screen < 4.9.0 - Denial of Service via Privileged SIGHUP Signal
CVSS 6.5
CVE-2023-0944 MEDIUM
Bhima 1.27.0 - Authenticated Insecure Direct Object Reference
CVSS 4.3
CVE-2023-0225 MEDIUM
Samba >=4.17.0 <4.17.7 - Authenticated Incorrect Permission Assignment for Critical Resource
CVSS 4.3
CVE-2023-1516 HIGH
RoboDK <5.5.3 - Privilege Escalation
CVSS 7.9
CVE-2023-25817 LOW
Nextcloud Server 24.0.0-24.0.8 - Unauthorized File Deletion via Permission Escalation
CVSS 3.5
CVE-2023-1135 HIGH
InfraSuite Device Master < 1.0.5 - Local Privilege Escalation via Directory Permission Manipulation
CVSS 7.8
CVE-2023-27096 MEDIUM
OpenGoofy Hippo4j <1.4.3 - Info Disclosure
CVSS 6.5
CVE-2023-27095 MEDIUM
OpenGoofy Hippo4j <1.4.3 - Privilege Escalation
CVSS 6.5
CVE-2023-27084 MEDIUM
Isoftforce Dreamer CMS <4.0.1 - Info Disclosure
CVSS 5.3
CVE-2023-23939 LOW
Azure/setup-kubectl <3 - Privilege Escalation
CVSS 3.9
CVE-2023-24205 CRITICAL
Clash for Windows 0.20.12 - Remote Code Execution via Configuration File Overwrite
CVSS 9.8
CVE-2023-25150 MEDIUM
Nextcloud richdocuments < 3.8.7 - Improper Access Control via Collabora Integration
CVSS 5.8
CVE-2023-22326 MEDIUM
BIG-IP <17.0.0.2,16.1.3.3,15.1.8.1,14.1.5.3,13.1.x - Info Disclosure
CVSS 4.9
CVE-2023-23610 MEDIUM
GLPI < 9.5.12 - Improper Privilege Management via Data Export
CVSS 6.5
CVE-2023-20923 MEDIUM
Android - Local Information Disclosure via ShannonRcs Content Provider Permissions Bypass
CVSS 5.5