CWE-276
AllowedIncorrect Default Permissions
Abstraction: Base · Status: Draft
During installation, installed file permissions are set to allow anyone to modify those files.
2035 vulnerabilities reference this CWE, most recent first.
GHSA-MRP2-G378-9WHC
Vulnerability from github – Published: 2025-04-05 03:30 – Updated: 2025-04-05 03:30The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
{
"affected": [],
"aliases": [
"CVE-2024-11088"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-21T14:15:08Z",
"severity": "MODERATE"
},
"details": "The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.",
"id": "GHSA-mrp2-g378-9whc",
"modified": "2025-04-05T03:30:32Z",
"published": "2025-04-05T03:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11088"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3190023/simple-membership"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1558b08-a33b-4cf2-bacb-c88065f513cc?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MRX6-RGFC-X742
Vulnerability from github – Published: 2024-03-05 06:30 – Updated: 2024-03-05 06:30Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to configure AppLock settings.
{
"affected": [],
"aliases": [
"CVE-2024-20830"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-05T05:15:09Z",
"severity": "MODERATE"
},
"details": "Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to configure AppLock settings.",
"id": "GHSA-mrx6-rgfc-x742",
"modified": "2024-03-05T06:30:41Z",
"published": "2024-03-05T06:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20830"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-MV32-9MH3-Q74P
Vulnerability from github – Published: 2025-07-17 21:32 – Updated: 2025-07-17 21:32A vulnerability related to registry permissions in the Intercept X for Windows updater prior to version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade.
{
"affected": [],
"aliases": [
"CVE-2024-13972"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-17T19:15:24Z",
"severity": "HIGH"
},
"details": "A vulnerability related to registry permissions in the Intercept X for Windows updater prior to version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade.",
"id": "GHSA-mv32-9mh3-q74p",
"modified": "2025-07-17T21:32:13Z",
"published": "2025-07-17T21:32:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13972"
},
{
"type": "WEB",
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MV8Q-JR3C-HXP6
Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
{
"affected": [],
"aliases": [
"CVE-2020-26088"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-24T15:15:00Z",
"severity": "MODERATE"
},
"details": "A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.",
"id": "GHSA-mv8q-jr3c-hxp6",
"modified": "2022-05-24T17:29:26Z",
"published": "2022-05-24T17:29:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26088"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/26896f01467a28651f7a536143fe5ac8449d4041"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4578-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MVXP-VG38-GQ5C
Vulnerability from github – Published: 2022-07-08 00:00 – Updated: 2024-03-27 15:30When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended.
{
"affected": [],
"aliases": [
"CVE-2022-32207"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-07T13:15:00Z",
"severity": "CRITICAL"
},
"details": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.",
"id": "GHSA-mvxp-vg38-gq5c",
"modified": "2024-03-27T15:30:36Z",
"published": "2022-07-08T00:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32207"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1573634"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220915-0003"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213488"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW98-2GV2-MP63
Vulnerability from github – Published: 2026-04-03 09:30 – Updated: 2026-04-03 09:30Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse.
An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory.
This issue affects TETRA connectivity Server: 7.0.
Vulnerability fix is available and delivered to impacted customers.
{
"affected": [],
"aliases": [
"CVE-2025-7024"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-03T08:16:17Z",
"severity": "MODERATE"
},
"details": "Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse.\n\n\nAn attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory.\n\nThis issue affects TETRA connectivity Server: 7.0.\n\n\nVulnerability fix is available and delivered to impacted customers.",
"id": "GHSA-mw98-2gv2-mp63",
"modified": "2026-04-03T09:30:16Z",
"published": "2026-04-03T09:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7024"
},
{
"type": "WEB",
"url": "https://cwe.mitre.org/data/definitions/276.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MX2F-FX3V-GG7X
Vulnerability from github – Published: 2024-10-11 18:32 – Updated: 2024-10-11 18:32An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information.
On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows
a low-privileged user can access sensitive information compromising the confidentiality of the system.
Junos OS Evolved:
- All versions before 20.4R3-S9-EVO,
- 21.2-EVO before 21.2R3-S7-EVO,
- 21.4-EVO before 21.4R3-S5-EVO,
- 22.1-EVO before 22.1R3-S5-EVO,
- 22.2-EVO before 22.2R3-S3-EVO,
- 22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO,
- 22.4-EVO before 22.4R3-EVO,
- 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.
{
"affected": [],
"aliases": [
"CVE-2024-39544"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-11T16:15:07Z",
"severity": "MODERATE"
},
"details": "An\u00a0Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information.\n\n\n\nOn all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows \n\na low-privileged user can access sensitive information compromising the confidentiality of the system.\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n\n * All versions before 20.4R3-S9-EVO,\u00a0\n * 21.2-EVO before 21.2R3-S7-EVO,\u00a0\n * 21.4-EVO before 21.4R3-S5-EVO,\u00a0\n * 22.1-EVO before 22.1R3-S5-EVO,\u00a0\n * 22.2-EVO before 22.2R3-S3-EVO,\u00a0\n * 22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO,\u00a0\n * 22.4-EVO before 22.4R3-EVO,\u00a0\n * 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.",
"id": "GHSA-mx2f-fx3v-gg7x",
"modified": "2024-10-11T18:32:49Z",
"published": "2024-10-11T18:32:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39544"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA88106"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MX5F-VQXG-86W4
Vulnerability from github – Published: 2024-11-12 15:30 – Updated: 2024-11-12 15:30A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.
{
"affected": [],
"aliases": [
"CVE-2024-46894"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T13:15:10Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SINEC INS (All versions \u003c V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the \"/api/sftp/users\" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.",
"id": "GHSA-mx5f-vqxg-86w4",
"modified": "2024-11-12T15:30:42Z",
"published": "2024-11-12T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46894"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MXCM-6447-457Q
Vulnerability from github – Published: 2024-12-12 03:33 – Updated: 2024-12-12 03:33Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the product installer. The product applies incorrect default permissions to a sensitive folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24329.
{
"affected": [],
"aliases": [
"CVE-2024-11872"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-12T01:40:20Z",
"severity": "HIGH"
},
"details": "Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. The product applies incorrect default permissions to a sensitive folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24329.",
"id": "GHSA-mxcm-6447-457q",
"modified": "2024-12-12T03:33:01Z",
"published": "2024-12-12T03:33:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11872"
},
{
"type": "WEB",
"url": "https://trello.com/c/tcS6Jcfy/578-epic-games-launcher-1720"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1646"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXF8-GRM7-MVQW
Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2023-10-27 17:43Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to perform connection tests, determine whether files with an attacker-specified path exist on the Jenkins controller file system, and obtain limited information about the Jenkins and plugin configuration based on the responses. The latter include the ability to set plugin configuration options.
Additionally, these form validation methods do not require POST requests, resulting in a CSRF vulnerability.
As of publication of this advisory, there is no fix.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:websphere-deployer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-16559"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-27T17:43:32Z",
"nvd_published_at": "2019-12-17T15:15:00Z",
"severity": "MODERATE"
},
"details": "Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to perform connection tests, determine whether files with an attacker-specified path exist on the Jenkins controller file system, and obtain limited information about the Jenkins and plugin configuration based on the responses. The latter include the ability to set plugin configuration options.\n\nAdditionally, these form validation methods do not require POST requests, resulting in a CSRF vulnerability.\n\nAs of publication of this advisory, there is no fix.",
"id": "GHSA-mxf8-grm7-mvqw",
"modified": "2023-10-27T17:43:32Z",
"published": "2022-05-24T17:03:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16559"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1371"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins WebSphere Deployer Plugin missing permission check"
}
Mitigation MIT-1
The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.