CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,666 vulnerabilities with CWE-732
CVE-2014-10402 MEDIUM
DBI < 1.643 - Incorrect Permission Assignment for Critical Resource via DBD::File Driver
CVSS 6.1
CVE-2014-10401 MEDIUM
DBI < 1.632 - Incorrect Permission Assignment for Critical Resource via DBD::File Drivers
CVSS 6.1
CVE-2014-1422 MEDIUM
Ubuntu Trust Store <1.1.0+15.04.20150123 - Info Disclosure
CVSS 5.0
CVE-2013-0326 MEDIUM
OpenStack Nova - Unprotected Base Image Data Exposure via World-Readable Permissions
CVSS 5.5
CVE-2013-4367 HIGH
ovirt-engine 3.2 - Incorrect Permission Assignment for Critical Resource via os.chmod() Mode Handling
CVSS 7.8
CVE-2013-0887
Google Chrome <25.0.1364.97-25.0.1364.99 - Privilege Escalation
CVE-2013-0885
Google Chrome <25.0.1364.97-25.0.1364.99 - Info Disclosure
CVE-2012-10030 CRITICAL
FreeFloat FTP Server - Unauthenticated RCE
CVSS 9.8
CVE-2012-2087 CRITICAL
ISPConfig 3.0.4.3 - Incorrect Permission Assignment via Webdav User Interface
CVSS 9.8
CVE-2012-6655 LOW
accountsservice 0.6.37 - Unauthorized Password Disclosure via user_change_password_authorized_cb
CVSS 3.3
CVE-2012-1160 LOW
Moodle < 2.2.2 - Unauthenticated Forum Subscription Permission Bypass via mod/forum/index.php
CVSS 2.7
CVE-2012-0433 LOW
crowbar <2012-10-02 - Info Disclosure
CVSS 3.3
CVE-2011-4912 MEDIUM
Joomla! 1.5.0-1.5.13 - Incorrect Permission Assignment for Critical Resource in com_mailto
CVSS 5.3
CVE-2011-2515 MEDIUM
PackageKit 0.6.17 - Unauthenticated Arbitrary Code Execution via Unsigned RPM Package Installation
CVSS 5.3
CVE-2011-3923 CRITICAL
Apache Struts <2.3.1.2 - Command Injection
CVSS 9.8
CVE-2011-4339
OpenIPMI - Local Privilege Escalation
CVE-2010-0747 HIGH
drbd8 - Incorrect Permission Assignment for Critical Resource via Netlink Packets
CVSS 7.8
CVE-2010-0737 HIGH
JBoss ON <2.3.1 - Privilege Escalation
CVSS 8.0
CVE-2010-2116
McAfee Email Gateway 6.7.1 - Authenticated Privilege Escalation via Web Interface
CVE-2010-0488 MEDIUM
Internet Explorer 5.01 SP4, 6, 6 SP1, 7 - Same Origin Policy Bypass via Encoding String Handling
CVSS 6.5
CVE-2009-3897 MEDIUM
Dovecot <1.2.8 - Privilege Escalation
CVSS 5.5
CVE-2009-3939 HIGH
Linux kernel <2.6.31.6 - Local Privilege Escalation
CVSS 7.1
CVE-2009-3611 HIGH
Le-web Backintime - Incorrect Permission Assignment
CVSS 7.1
CVE-2009-2948
Samba 3.0.0-3.0.36 - Unauthenticated Credential File Read via mount.cifs Verbose Option
CVE-2009-3489 HIGH
Adobe Photoshop Elements 8.0 - Incorrect Permission Assignment for Critical Resource in Active File Monitor Service
CVSS 7.8