CWE-276
AllowedIncorrect Default Permissions
Abstraction: Base · Status: Draft
During installation, installed file permissions are set to allow anyone to modify those files.
2034 vulnerabilities reference this CWE, most recent first.
GHSA-GHJR-V93Q-VX27
Vulnerability from github – Published: 2022-03-22 00:00 – Updated: 2022-04-02 00:00In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder.
{
"affected": [],
"aliases": [
"CVE-2022-25570"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-21T13:15:00Z",
"severity": "MODERATE"
},
"details": "In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder.",
"id": "GHSA-ghjr-v93q-vx27",
"modified": "2022-04-02T00:00:36Z",
"published": "2022-03-22T00:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25570"
},
{
"type": "WEB",
"url": "https://sysadms.de/2022/03/cve-2022-25570-standard-berechtigungsmodell-im-passwortmanager-passwordstate-ermoeglicht-rechteausweitung"
},
{
"type": "WEB",
"url": "https://www.clickstudios.com.au/passwordstate-changelog.aspx"
},
{
"type": "WEB",
"url": "http://passwordstate.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GJ2V-JX3P-28MW
Vulnerability from github – Published: 2024-06-14 06:34 – Updated: 2024-07-04 06:35Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference URL.
{
"affected": [],
"aliases": [
"CVE-2024-27167"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-14T04:15:34Z",
"severity": "HIGH"
},
"details": "Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference URL.",
"id": "GHSA-gj2v-jx3p-28mw",
"modified": "2024-07-04T06:35:04Z",
"published": "2024-06-14T06:34:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27167"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/20240531_01.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GJ47-JF8P-7HXM
Vulnerability from github – Published: 2024-10-08 18:33 – Updated: 2024-10-08 18:33Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2024-9167"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-08T17:15:56Z",
"severity": "HIGH"
},
"details": "Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation.",
"id": "GHSA-gj47-jf8p-7hxm",
"modified": "2024-10-08T18:33:14Z",
"published": "2024-10-08T18:33:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9167"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Velocity-License-Server-CVE-2024-9167"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GJ6C-JR7J-JGCM
Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2024-04-04 01:58Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.
{
"affected": [],
"aliases": [
"CVE-2019-9679"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-18T19:15:00Z",
"severity": "HIGH"
},
"details": "Some of Dahua\u0027s Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.",
"id": "GHSA-gj6c-jr7j-jgcm",
"modified": "2024-04-04T01:58:15Z",
"published": "2022-05-24T16:56:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9679"
},
{
"type": "WEB",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GJMR-RW74-6FVM
Vulnerability from github – Published: 2021-12-28 00:00 – Updated: 2022-01-08 00:00Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.
{
"affected": [],
"aliases": [
"CVE-2021-45335"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-27T14:15:00Z",
"severity": "HIGH"
},
"details": "Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.",
"id": "GHSA-gjmr-rw74-6fvm",
"modified": "2022-01-08T00:00:52Z",
"published": "2021-12-28T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45335"
},
{
"type": "WEB",
"url": "https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5"
},
{
"type": "WEB",
"url": "https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GJWX-G2PH-472R
Vulnerability from github – Published: 2025-05-02 00:32 – Updated: 2025-05-22 18:31An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a lower privileged user to execute commands with root level privileges in the 'Online Backup' folder. Users are recommended to upgrade to MSP360 Backup 4.4 (released on 2025-04-22).
{
"affected": [],
"aliases": [
"CVE-2025-43595"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T22:15:17Z",
"severity": "HIGH"
},
"details": "An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a lower privileged user to execute commands with root level privileges in the \u0027Online Backup\u0027 folder. Users are recommended to upgrade to MSP360 Backup 4.4 (released on 2025-04-22).",
"id": "GHSA-gjwx-g2ph-472r",
"modified": "2025-05-22T18:31:14Z",
"published": "2025-05-02T00:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43595"
},
{
"type": "WEB",
"url": "https://help.msp360.com/cloudberry-backup-mac-linux/whats-new"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-119-01.json"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43595"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GM4W-75RJ-3WR6
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2024-04-04 02:31Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.
{
"affected": [],
"aliases": [
"CVE-2019-16919"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-18T12:15:00Z",
"severity": "HIGH"
},
"details": "Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don\u0027t have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.",
"id": "GHSA-gm4w-75rj-3wr6",
"modified": "2024-04-04T02:31:23Z",
"published": "2022-05-24T16:59:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/goharbor/harbor/security/advisories/GHSA-x2r2-w9c7-h624"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16919"
},
{
"type": "WEB",
"url": "https://landscape.cncf.io/selected=harbor"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0016.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GMP3-R9V5-7G6H
Vulnerability from github – Published: 2024-06-14 03:31 – Updated: 2024-07-04 06:35The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.
{
"affected": [],
"aliases": [
"CVE-2024-27153"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-14T03:15:12Z",
"severity": "HIGH"
},
"details": "The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.",
"id": "GHSA-gmp3-r9v5-7g6h",
"modified": "2024-07-04T06:35:03Z",
"published": "2024-06-14T03:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27153"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/20240531_01.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GMRM-8FX4-66X7
Vulnerability from github – Published: 2024-06-18 12:30 – Updated: 2024-09-09 21:31Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-c25h-c27q-5qpv. This link is maintained to preserve external references.
Original Description
A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "24.0.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-18T16:34:46Z",
"nvd_published_at": "2024-06-18T12:15:12Z",
"severity": "LOW"
},
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-c25h-c27q-5qpv. This link is maintained to preserve external references.\n\n## Original Description\n\nA vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL\u00a0 independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin\u00a0access (permission manage-realm) to change the LDAP host URL (\"Connection URL\") to a machine they control. The Keycloak server will connect to the attacker\u0027s host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain.",
"id": "GHSA-gmrm-8fx4-66x7",
"modified": "2024-09-09T21:31:22Z",
"published": "2024-06-18T12:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5967"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6493"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6494"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6495"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6497"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6499"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6500"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6501"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-5967"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292200"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials",
"withdrawn": "2024-06-21T15:51:43Z"
}
GHSA-GP3C-H68X-V9G8
Vulnerability from github – Published: 2024-12-18 21:30 – Updated: 2024-12-21 00:33Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0.
{
"affected": [],
"aliases": [
"CVE-2024-49202"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-18T19:15:11Z",
"severity": "HIGH"
},
"details": "Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0.",
"id": "GHSA-gp3c-h68x-v9g8",
"modified": "2024-12-21T00:33:04Z",
"published": "2024-12-18T21:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49202"
},
{
"type": "WEB",
"url": "https://keyfactor.com"
},
{
"type": "WEB",
"url": "https://software.keyfactor.com/Core-OnPrem/v12.5/Content/ReleaseNotes/ReleaseNoteDetails-12_5.htm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.