Common Weakness Enumeration

CWE-276

Allowed

Incorrect Default Permissions

Abstraction: Base · Status: Draft

During installation, installed file permissions are set to allow anyone to modify those files.

2034 vulnerabilities reference this CWE, most recent first.

GHSA-FVMC-PWJ7-RPWH

Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2024-04-04 00:59
VLAI
Details

A vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a Windows operating system. This issue does not impact any Windows Server OSs, or Linux deployments with permissions that are not inherited from the root directory. Authorized Users have ?modify? permission to the ESM folders, which allows a low privilege account to modify files located in these directories. An executable can be renamed and replaced by a malicious file that could connect back to a bad actor providing system level privileges. A low privileged user is not able to restart the service, but a restart of the system would trigger the execution of the malicious file. This issue affects: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM) Version 5.12.2 and prior versions; This issue does not affect: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM) 19.03 and above.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-7588"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-18T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a Windows operating system. This issue does not impact any Windows Server OSs, or Linux deployments with permissions that are not inherited from the root directory. Authorized Users have ?modify? permission to the ESM folders, which allows a low privilege account to modify files located in these directories. An executable can be renamed and replaced by a malicious file that could connect back to a bad actor providing system level privileges. A low privileged user is not able to restart the service, but a restart of the system would trigger the execution of the malicious file. This issue affects: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM) Version 5.12.2 and prior versions; This issue does not affect: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM) 19.03 and above.",
  "id": "GHSA-fvmc-pwj7-rpwh",
  "modified": "2024-04-04T00:59:42Z",
  "published": "2022-05-24T16:48:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7588"
    },
    {
      "type": "WEB",
      "url": "https://exacq.com/kb?crc=31399"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-01"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/151691/exacqvisionesm5122-escalate.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.johnsoncontrols.com/-/media/jci/be/united-states/specialty-pages/product-security/files/cpp-psa-2019-01-v2-exacqvision-esm.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FVRJ-2Q48-P9W5

Vulnerability from github – Published: 2024-08-07 03:31 – Updated: 2024-08-07 03:31
VLAI
Details

Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-34616"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-07T02:15:37Z",
    "severity": "MODERATE"
  },
  "details": "Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.",
  "id": "GHSA-fvrj-2q48-p9w5",
  "modified": "2024-08-07T03:31:28Z",
  "published": "2024-08-07T03:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34616"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=08"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FVWF-7864-8876

Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2022-05-24 17:04
VLAI
Details

ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-8256"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-19T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation.",
  "id": "GHSA-fvwf-7864-8876",
  "modified": "2022-05-24T17:04:48Z",
  "published": "2022-05-24T17:04:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8256"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-58.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FWCG-248M-R4CX

Vulnerability from github – Published: 2023-05-19 06:30 – Updated: 2024-04-04 04:14
VLAI
Details

Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33240"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-19T06:15:08Z",
    "severity": "HIGH"
  },
  "details": "Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2.",
  "id": "GHSA-fwcg-248m-r4cx",
  "modified": "2024-04-04T04:14:59Z",
  "published": "2023-05-19T06:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33240"
    },
    {
      "type": "WEB",
      "url": "https://www.foxit.com/support/security-bulletins.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FWCM-6PR4-2759

Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2022-05-24 17:28
VLAI
Details

In InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153878642

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-0311"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-18T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153878642",
  "id": "GHSA-fwcm-6pr4-2759",
  "modified": "2022-05-24T17:28:36Z",
  "published": "2022-05-24T17:28:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0311"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/android-11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FXQX-QJ2C-2FC7

Vulnerability from github – Published: 2022-01-11 00:01 – Updated: 2022-04-13 00:01
VLAI
Details

Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-45003"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-10T14:10:00Z",
    "severity": "CRITICAL"
  },
  "details": "Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the \"image\" parameter that can execute a webshell payload.",
  "id": "GHSA-fxqx-qj2c-2fc7",
  "modified": "2022-04-13T00:01:12Z",
  "published": "2022-01-11T00:01:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45003"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/drive/folders/1VuWo2JS7VTh9KPRnoi7CZZQgVZ4msBav?usp=sharing"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qerogram/BUG_WEB/tree/main/OpenSource/CVE-2021-45003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G265-W27F-7CFM

Vulnerability from github – Published: 2025-05-29 15:31 – Updated: 2025-05-29 15:31
VLAI
Details

Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassing Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.

This issue affects DaVinci Resolve on macOS in all versions. Last tested version: 19.1.3

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4081"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-29T15:15:34Z",
    "severity": "MODERATE"
  },
  "details": "Use of entitlement \"com.apple.security.cs.disable-library-validation\" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassing Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.\n\nThis issue affects DaVinci Resolve on macOS in all versions.\nLast tested version: 19.1.3",
  "id": "GHSA-g265-w27f-7cfm",
  "modified": "2025-05-29T15:31:09Z",
  "published": "2025-05-29T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4081"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/en/posts/2025/05/tcc-bypass"
    },
    {
      "type": "WEB",
      "url": "https://www.blackmagicdesign.com/products/davinciresolve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-G28X-PGR3-QQX6

Vulnerability from github – Published: 2022-06-15 21:24 – Updated: 2022-07-13 19:19
VLAI
Summary
Octokit gem published with world-writable files
Details

Impact

Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files.

Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- (i.e. 0666) instead of rw-r--r-- (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem.

Malicious code already present and running on your machine, separate from this package, could modify the gem’s files and change its behavior during runtime.

Patches

Workarounds

Users can use the previous version of the gem v4.22.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "octokit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.23.0"
            },
            {
              "fixed": "4.25.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31072"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-15T21:24:16Z",
    "nvd_published_at": "2022-06-15T23:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\nVersions [4.23.0](https://rubygems.org/gems/octokit/versions/4.23.0) and [4.24.0](https://rubygems.org/gems/octokit/versions/4.24.0) of the octokit gem were published containing world-writeable files. \n\nSpecifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. \n\nMalicious code already present and running on your machine, separate from this package, could modify the gem\u2019s files and change its behavior during runtime.\n\n### Patches\n* [octokit 4.25.0](https://rubygems.org/gems/octokit/versions/4.25.0)\n\n### Workarounds\nUsers can use the previous version of the gem [v4.22.0](https://rubygems.org/gems/octokit/versions/4.22.0). Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version.\n\n",
  "id": "GHSA-g28x-pgr3-qqx6",
  "modified": "2022-07-13T19:19:18Z",
  "published": "2022-06-15T21:24:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/octokit/octokit.rb/security/advisories/GHSA-g28x-pgr3-qqx6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31072"
    },
    {
      "type": "WEB",
      "url": "https://github.com/octokit/octokit.rb/commit/1c8edecc9cf23d1ceb959d91a416a69f55ce7d55"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/octokit/octokit.rb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/octokit/CVE-2022-31072.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Octokit gem published with world-writable files"
}

GHSA-G2CQ-WG23-G8QW

Vulnerability from github – Published: 2025-05-26 15:30 – Updated: 2025-05-26 18:30
VLAI
Details

The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-46803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-26T15:15:19Z",
    "severity": "MODERATE"
  },
  "details": "The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system.",
  "id": "GHSA-g2cq-wg23-g8qw",
  "modified": "2025-05-26T18:30:25Z",
  "published": "2025-05-26T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46803"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46803"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2025/05/12/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/05/13/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-G2G5-8M5M-XMQG

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2025-04-20 03:42
VLAI
Details

Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability".

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-08T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka \"Internet Explorer Security Feature Bypass Vulnerability\".",
  "id": "GHSA-g2g5-8m5m-xmqg",
  "modified": "2025-04-20T03:42:45Z",
  "published": "2022-05-13T01:47:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8625"
    },
    {
      "type": "WEB",
      "url": "https://msitpros.com/?p=3909"
    },
    {
      "type": "WEB",
      "url": "https://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625"
    },
    {
      "type": "WEB",
      "url": "https://posts.specterops.io/umci-vs-internet-explorer-exploring-cve-2017-8625-3946536c6442"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100063"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039112"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

The architecture needs to access and modification attributes for files to only those users who actually require those actions.

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-81: Web Server Logs Tampering

Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.