CWE-276
AllowedIncorrect Default Permissions
Abstraction: Base · Status: Draft
During installation, installed file permissions are set to allow anyone to modify those files.
2034 vulnerabilities reference this CWE, most recent first.
GHSA-3C8W-CF3R-86MW
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM.
{
"affected": [],
"aliases": [
"CVE-2020-25245"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-09T17:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in DIGSI 4 (All versions \u003c V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM.",
"id": "GHSA-3c8w-cf3r-86mw",
"modified": "2022-05-24T17:41:27Z",
"published": "2022-05-24T17:41:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25245"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-536315.pdf"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-10"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3CM5-J5R2-WVM7
Vulnerability from github – Published: 2024-01-22 00:30 – Updated: 2024-01-22 00:30A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-0770"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-21T23:15:44Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-3cm5-j5r2-wvm7",
"modified": "2024-01-22T00:30:19Z",
"published": "2024-01-22T00:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0770"
},
{
"type": "WEB",
"url": "https://imagebin.ca/v/7nx8zv3l62Kf"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.251670"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.251670"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3F4F-FX9X-P95R
Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.
{
"affected": [],
"aliases": [
"CVE-2021-25359"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-09T18:15:00Z",
"severity": "LOW"
},
"details": "An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.",
"id": "GHSA-3f4f-fx9x-p95r",
"modified": "2022-05-24T17:46:59Z",
"published": "2022-05-24T17:46:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25359"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3F4Q-Q2JQ-QG34
Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-05-24 17:32An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}.
{
"affected": [],
"aliases": [
"CVE-2020-27358"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-02T21:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger\u0027s CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another\u0027s conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey\u0026thread_id={THREAD_ID}.",
"id": "GHSA-3f4q-q2jq-qg34",
"modified": "2022-05-24T17:32:59Z",
"published": "2022-05-24T17:32:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27358"
},
{
"type": "WEB",
"url": "https://github.com/seb1055/cve-2020-27358-27359"
},
{
"type": "WEB",
"url": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log"
},
{
"type": "WEB",
"url": "https://www.ruse.tech/blog/38"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3FC2-V7QW-HP8Q
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10A component of the HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler.
{
"affected": [],
"aliases": [
"CVE-2021-22295"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-06T13:15:00Z",
"severity": "MODERATE"
},
"details": "A component of the HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler.",
"id": "GHSA-3fc2-v7qw-hp8q",
"modified": "2022-05-24T19:10:19Z",
"published": "2022-05-24T19:10:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22295"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/cn/console/safetyDetail?id=9145efa5d9064d94a7fc3968b6054d83\u0026pageSize=10\u0026pageIndex=1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3G4H-66CQ-C8VG
Vulnerability from github – Published: 2024-06-24 09:30 – Updated: 2024-07-08 15:31The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file:
C:\ProgramData\WINSelect\WINSelect.wsd
The path for the affected WINSelect Enterprise configuration file is:
C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd
{
"affected": [],
"aliases": [
"CVE-2024-36495"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-24T09:15:09Z",
"severity": "HIGH"
},
"details": "The application Faronics WINSelect (Standard + Enterprise)\u00a0saves its configuration in an encrypted file on the file system\u00a0which \"Everyone\" has read and write access to, path to file:\n\n\n\nC:\\ProgramData\\WINSelect\\WINSelect.wsd\n\nThe path for\u00a0the affected WINSelect Enterprise\u00a0configuration file is:\n\nC:\\ProgramData\\Faronics\\StorageSpace\\WS\\WINSelect.wsd",
"id": "GHSA-3g4h-66cq-c8vg",
"modified": "2024-07-08T15:31:54Z",
"published": "2024-06-24T09:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36495"
},
{
"type": "WEB",
"url": "https://r.sec-consult.com/winselect"
},
{
"type": "WEB",
"url": "https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jun/12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3G93-3Q7R-642F
Vulnerability from github – Published: 2023-08-11 03:30 – Updated: 2024-04-04 06:51Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2023-27505"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-11T03:15:23Z",
"severity": "HIGH"
},
"details": "Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GHSA-3g93-3q7r-642f",
"modified": "2024-04-04T06:51:03Z",
"published": "2023-08-11T03:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27505"
},
{
"type": "WEB",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00848.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3GPM-W73X-57J5
Vulnerability from github – Published: 2023-05-31 09:30 – Updated: 2024-04-04 04:25Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below.
{
"affected": [],
"aliases": [
"CVE-2023-2749"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-31T09:15:10Z",
"severity": "HIGH"
},
"details": "Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below. ",
"id": "GHSA-3gpm-w73x-57j5",
"modified": "2024-04-04T04:25:25Z",
"published": "2023-05-31T09:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2749"
},
{
"type": "WEB",
"url": "https://www.asustor.com/security/security_advisory_detail?id=24"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3H6W-HJGC-HX7Q
Vulnerability from github – Published: 2025-05-22 21:30 – Updated: 2025-05-22 21:30Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3.*.
{
"affected": [],
"aliases": [
"CVE-2024-13948"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-22T19:15:38Z",
"severity": "MODERATE"
},
"details": "Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.",
"id": "GHSA-3h6w-hjgc-hx7q",
"modified": "2025-05-22T21:30:47Z",
"published": "2025-05-22T21:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13948"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A0021\u0026LanguageCode=en\u0026DocumentPartId=pdf\u0026Action=Launch"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3HFP-X6F5-MJW5
Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
{
"affected": [],
"aliases": [
"CVE-2025-36511"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T17:16:18Z",
"severity": "MODERATE"
},
"details": "Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.",
"id": "GHSA-3hfp-x6f5-mjw5",
"modified": "2026-02-10T18:30:40Z",
"published": "2026-02-10T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36511"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01414.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-1
The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.