Common Weakness Enumeration

CWE-276

Allowed

Incorrect Default Permissions

Abstraction: Base · Status: Draft

During installation, installed file permissions are set to allow anyone to modify those files.

2035 vulnerabilities reference this CWE, most recent first.

GHSA-9G9Q-CF56-CFH9

Vulnerability from github – Published: 2024-09-17 00:31 – Updated: 2025-11-04 18:31
VLAI
Details

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-44151"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-17T00:15:50Z",
    "severity": "MODERATE"
  },
  "details": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.",
  "id": "GHSA-9g9q-cf56-cfh9",
  "modified": "2025-11-04T18:31:22Z",
  "published": "2024-09-17T00:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44151"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121234"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121238"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121247"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Sep/33"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Sep/40"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Sep/41"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9GPH-8XXH-C4W6

Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:38
VLAI
Details

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-29057"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-28T21:15:08Z",
    "severity": "HIGH"
  },
  "details": "A valid XCC user\u0027s local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as \u201cLocal First, then LDAP\u201d.",
  "id": "GHSA-9gph-8xxh-c4w6",
  "modified": "2024-04-04T05:38:28Z",
  "published": "2023-07-06T19:24:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29057"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-118321"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9H8F-HJMP-PWXX

Vulnerability from github – Published: 2024-11-17 03:30 – Updated: 2024-11-17 03:30
VLAI
Details

guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-52867"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-17T03:15:04Z",
    "severity": "HIGH"
  },
  "details": "guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability.",
  "id": "GHSA-9h8f-hjmp-pwxx",
  "modified": "2024-11-17T03:30:42Z",
  "published": "2024-11-17T03:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52867"
    },
    {
      "type": "WEB",
      "url": "https://git.savannah.gnu.org/cgit/guix.git/commit/?id=558224140dab669cabdaebabff18504a066c48d4"
    },
    {
      "type": "WEB",
      "url": "https://git.savannah.gnu.org/cgit/guix.git/commit/?id=5ab3c4c1e43ebb637551223791db0ea3519986e1"
    },
    {
      "type": "WEB",
      "url": "https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9HH7-6558-QFP2

Vulnerability from github – Published: 2025-11-18 18:32 – Updated: 2025-11-27 08:34
VLAI
Summary
Mattermost allows other users to determine when users had read channels via channel member objects
Details

Mattermost versions 10.11.x <= 10.11.3, and 10.5.x <= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.11.0"
            },
            {
              "fixed": "10.11.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.5.0"
            },
            {
              "fixed": "10.5.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.0-20250905150616-ba86dfc5876b6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-55074"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-18T21:03:28Z",
    "nvd_published_at": "2025-11-18T16:15:44Z",
    "severity": "LOW"
  },
  "details": "Mattermost versions 10.11.x \u003c= 10.11.3, and 10.5.x \u003c= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects.",
  "id": "GHSA-9hh7-6558-qfp2",
  "modified": "2025-11-27T08:34:12Z",
  "published": "2025-11-18T18:32:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55074"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/mattermost/pull/33835"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/mattermost/pull/33905"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/mattermost/commit/98acefe911dd9de7edf47a7d825dd99f53141a52"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/mattermost/commit/ba86dfc5876b354b9d3c20ff45c08ca6f8426149"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/mattermost/commit/d72d437f1567ba0b639b6e4fd73bab06c51baab5"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-9hh7-6558-qfp2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mattermost/mattermost"
    },
    {
      "type": "WEB",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Mattermost allows other users to determine when users had read channels via channel member objects"
}

GHSA-9J2G-7V4V-VP2G

Vulnerability from github – Published: 2025-11-12 21:31 – Updated: 2025-11-12 21:31
VLAI
Details

An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8485"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-12T20:15:45Z",
    "severity": "HIGH"
  },
  "details": "An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.",
  "id": "GHSA-9j2g-7v4v-vp2g",
  "modified": "2025-11-12T21:31:09Z",
  "published": "2025-11-12T21:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8485"
    },
    {
      "type": "WEB",
      "url": "https://iknow.lenovo.com.cn/detail/434329"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-9J72-3M9P-JCQW

Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31
VLAI
Details

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-14718"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-23T05:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.",
  "id": "GHSA-9j72-3m9p-jcqw",
  "modified": "2022-05-24T17:31:55Z",
  "published": "2022-05-24T17:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14718"
    },
    {
      "type": "WEB",
      "url": "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2020-22"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-9J72-P63R-H27H

Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2025-03-13 15:32
VLAI
Details

Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-44786"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-22T17:15:08Z",
    "severity": "HIGH"
  },
  "details": "Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users\u0027 address books via unspecified vectors.",
  "id": "GHSA-9j72-p63r-h27h",
  "modified": "2025-03-13T15:32:41Z",
  "published": "2024-11-22T21:32:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44786"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/luluhackme/8356703c7295d03d6e68a1ca652441b9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9J8C-8637-MCCQ

Vulnerability from github – Published: 2022-06-03 00:01 – Updated: 2022-06-11 00:00
VLAI
Details

In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31500"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-02T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.",
  "id": "GHSA-9j8c-8637-mccq",
  "modified": "2022-06-11T00:00:24Z",
  "published": "2022-06-03T00:01:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31500"
    },
    {
      "type": "WEB",
      "url": "https://knime.com"
    },
    {
      "type": "WEB",
      "url": "https://www.knime.com/security/advisories#CVE-2022-31500"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9J8M-FMG4-MG36

Vulnerability from github – Published: 2022-08-05 00:00 – Updated: 2022-08-11 00:00
VLAI
Details

Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-37030"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-04T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module.",
  "id": "GHSA-9j8m-fmg4-mg36",
  "modified": "2022-08-11T00:00:37Z",
  "published": "2022-08-05T00:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37030"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1201949"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/08/04/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9M2C-R2HC-7GCR

Vulnerability from github – Published: 2025-02-05 00:31 – Updated: 2025-02-05 00:31
VLAI
Details

Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11468"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-04T23:15:08Z",
    "severity": "HIGH"
  },
  "details": "Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.",
  "id": "GHSA-9m2c-r2hc-7gcr",
  "modified": "2025-02-05T00:31:13Z",
  "published": "2025-02-05T00:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11468"
    },
    {
      "type": "WEB",
      "url": "https://static.omnissa.com/sites/default/files/OMSA-2024-0002.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.omnissa.com/omnissa-security-response"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

The architecture needs to access and modification attributes for files to only those users who actually require those actions.

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-81: Web Server Logs Tampering

Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.