CWE-276
AllowedIncorrect Default Permissions
Abstraction: Base · Status: Draft
During installation, installed file permissions are set to allow anyone to modify those files.
2035 vulnerabilities reference this CWE, most recent first.
GHSA-9G9Q-CF56-CFH9
Vulnerability from github – Published: 2024-09-17 00:31 – Updated: 2025-11-04 18:31A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.
{
"affected": [],
"aliases": [
"CVE-2024-44151"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-17T00:15:50Z",
"severity": "MODERATE"
},
"details": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.",
"id": "GHSA-9g9q-cf56-cfh9",
"modified": "2025-11-04T18:31:22Z",
"published": "2024-09-17T00:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44151"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121234"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121238"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121247"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Sep/33"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Sep/40"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Sep/41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9GPH-8XXH-C4W6
Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:38A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.
{
"affected": [],
"aliases": [
"CVE-2023-29057"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-28T21:15:08Z",
"severity": "HIGH"
},
"details": "A valid XCC user\u0027s local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as \u201cLocal First, then LDAP\u201d.",
"id": "GHSA-9gph-8xxh-c4w6",
"modified": "2024-04-04T05:38:28Z",
"published": "2023-07-06T19:24:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29057"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/LEN-118321"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9H8F-HJMP-PWXX
Vulnerability from github – Published: 2024-11-17 03:30 – Updated: 2024-11-17 03:30guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability.
{
"affected": [],
"aliases": [
"CVE-2024-52867"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-17T03:15:04Z",
"severity": "HIGH"
},
"details": "guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability.",
"id": "GHSA-9h8f-hjmp-pwxx",
"modified": "2024-11-17T03:30:42Z",
"published": "2024-11-17T03:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52867"
},
{
"type": "WEB",
"url": "https://git.savannah.gnu.org/cgit/guix.git/commit/?id=558224140dab669cabdaebabff18504a066c48d4"
},
{
"type": "WEB",
"url": "https://git.savannah.gnu.org/cgit/guix.git/commit/?id=5ab3c4c1e43ebb637551223791db0ea3519986e1"
},
{
"type": "WEB",
"url": "https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9HH7-6558-QFP2
Vulnerability from github – Published: 2025-11-18 18:32 – Updated: 2025-11-27 08:34Mattermost versions 10.11.x <= 10.11.3, and 10.5.x <= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "10.11.0"
},
{
"fixed": "10.11.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "10.5.0"
},
{
"fixed": "10.5.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.0-20250905150616-ba86dfc5876b6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-55074"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-18T21:03:28Z",
"nvd_published_at": "2025-11-18T16:15:44Z",
"severity": "LOW"
},
"details": "Mattermost versions 10.11.x \u003c= 10.11.3, and 10.5.x \u003c= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects.",
"id": "GHSA-9hh7-6558-qfp2",
"modified": "2025-11-27T08:34:12Z",
"published": "2025-11-18T18:32:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55074"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/pull/33835"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/pull/33905"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/commit/98acefe911dd9de7edf47a7d825dd99f53141a52"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/commit/ba86dfc5876b354b9d3c20ff45c08ca6f8426149"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/commit/d72d437f1567ba0b639b6e4fd73bab06c51baab5"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9hh7-6558-qfp2"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Mattermost allows other users to determine when users had read channels via channel member objects"
}
GHSA-9J2G-7V4V-VP2G
Vulnerability from github – Published: 2025-11-12 21:31 – Updated: 2025-11-12 21:31An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.
{
"affected": [],
"aliases": [
"CVE-2025-8485"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-12T20:15:45Z",
"severity": "HIGH"
},
"details": "An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.",
"id": "GHSA-9j2g-7v4v-vp2g",
"modified": "2025-11-12T21:31:09Z",
"published": "2025-11-12T21:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8485"
},
{
"type": "WEB",
"url": "https://iknow.lenovo.com.cn/detail/434329"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9J72-3M9P-JCQW
Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2019-14718"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-23T05:15:00Z",
"severity": "MODERATE"
},
"details": "Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.",
"id": "GHSA-9j72-3m9p-jcqw",
"modified": "2022-05-24T17:31:55Z",
"published": "2022-05-24T17:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14718"
},
{
"type": "WEB",
"url": "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2020-22"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9J72-P63R-H27H
Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2025-03-13 15:32Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2024-44786"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-22T17:15:08Z",
"severity": "HIGH"
},
"details": "Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users\u0027 address books via unspecified vectors.",
"id": "GHSA-9j72-p63r-h27h",
"modified": "2025-03-13T15:32:41Z",
"published": "2024-11-22T21:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44786"
},
{
"type": "WEB",
"url": "https://gist.github.com/luluhackme/8356703c7295d03d6e68a1ca652441b9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9J8C-8637-MCCQ
Vulnerability from github – Published: 2022-06-03 00:01 – Updated: 2022-06-11 00:00In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.
{
"affected": [],
"aliases": [
"CVE-2022-31500"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-02T14:15:00Z",
"severity": "HIGH"
},
"details": "In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.",
"id": "GHSA-9j8c-8637-mccq",
"modified": "2022-06-11T00:00:24Z",
"published": "2022-06-03T00:01:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31500"
},
{
"type": "WEB",
"url": "https://knime.com"
},
{
"type": "WEB",
"url": "https://www.knime.com/security/advisories#CVE-2022-31500"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9J8M-FMG4-MG36
Vulnerability from github – Published: 2022-08-05 00:00 – Updated: 2022-08-11 00:00Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module.
{
"affected": [],
"aliases": [
"CVE-2022-37030"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-04T23:15:00Z",
"severity": "HIGH"
},
"details": "Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module.",
"id": "GHSA-9j8m-fmg4-mg36",
"modified": "2022-08-11T00:00:37Z",
"published": "2022-08-05T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37030"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1201949"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/08/04/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9M2C-R2HC-7GCR
Vulnerability from github – Published: 2025-02-05 00:31 – Updated: 2025-02-05 00:31Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.
{
"affected": [],
"aliases": [
"CVE-2024-11468"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-04T23:15:08Z",
"severity": "HIGH"
},
"details": "Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.",
"id": "GHSA-9m2c-r2hc-7gcr",
"modified": "2025-02-05T00:31:13Z",
"published": "2025-02-05T00:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11468"
},
{
"type": "WEB",
"url": "https://static.omnissa.com/sites/default/files/OMSA-2024-0002.pdf"
},
{
"type": "WEB",
"url": "https://www.omnissa.com/omnissa-security-response"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.