CWE-276
AllowedIncorrect Default Permissions
Abstraction: Base · Status: Draft
During installation, installed file permissions are set to allow anyone to modify those files.
2034 vulnerabilities reference this CWE, most recent first.
GHSA-3WR5-8397-GQC8
Vulnerability from github – Published: 2023-09-15 15:30 – Updated: 2024-04-04 07:42The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.
{
"affected": [],
"aliases": [
"CVE-2022-3466"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-15T14:15:08Z",
"severity": "MODERATE"
},
"details": "The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.",
"id": "GHSA-3wr5-8397-gqc8",
"modified": "2024-04-04T07:42:21Z",
"published": "2023-09-15T15:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3466"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:7398"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-3466"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134063"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3WV8-Q6G7-7FRH
Vulnerability from github – Published: 2025-01-07 21:30 – Updated: 2025-01-08 15:31An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.
{
"affected": [],
"aliases": [
"CVE-2022-41572"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-07T20:15:27Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.",
"id": "GHSA-3wv8-q6g7-7frh",
"modified": "2025-01-08T15:31:10Z",
"published": "2025-01-07T21:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41572"
},
{
"type": "WEB",
"url": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/120"
},
{
"type": "WEB",
"url": "https://github.com/Orange-Cyberdefense/CVE-repository"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3WWX-63FV-PFQ6
Vulnerability from github – Published: 2024-10-21 19:03 – Updated: 2024-10-21 21:41Impact
A policy rule denying a prefix that is broader than /32 may be ignored if there is
- A policy rule referencing a more narrow prefix (
CIDRSetortoFQDN) and - This narrower policy rule specifies either
enableDefaultDeny: falseor- toEntities: all
Note that a rule specifying toEntities: world or toEntities: 0.0.0.0/0 is insufficient, it must be to entity all.
As an example, given the below policies, traffic is allowed to 1.1.1.2, when it should be denied:
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
name: block-scary-range
spec:
endpointSelector: {}
egressDeny:
- toCIDRSet:
- cidr: 1.0.0.0/8
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: evade-deny
spec:
endpointSelector: {}
egress:
- toCIDR:
- 1.1.1.2/32
- toEntities:
- all
Patches
This issue affects:
- Cilium v1.14 between v1.14.0 and v1.14.15 inclusive
- Cilium v1.15 between v1.15.0 and v1.15.9 inclusive
This issue has been patched in:
- Cilium v1.14.16
- Cilium v1.15.10
Workarounds
Users with policies using enableDefaultDeny: false can work around this issue by removing this configuration option and explicitly defining any allow rules required.
No workaround is available to users with egress policies that explicitly specify toEntities: all.
Acknowledgements
The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @squeed, @christarazi, and @jrajahalme for their work in triaging and resolving this issue.
For more information
If you have any questions or comments about this advisory, please reach out on Slack.
If you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at security@cilium.io. This is a private mailing list for the Cilium security team, and your report will be treated with top priority.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cilium/cilium"
},
"ranges": [
{
"events": [
{
"introduced": "1.15.0"
},
{
"fixed": "1.15.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/cilium/cilium"
},
"ranges": [
{
"events": [
{
"introduced": "1.14.0"
},
{
"fixed": "1.14.16"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-47825"
],
"database_specific": {
"cwe_ids": [
"CWE-1038",
"CWE-276"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-21T19:03:47Z",
"nvd_published_at": "2024-10-21T19:15:03Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nA policy rule denying a prefix that is broader than /32 may be ignored if there is\n\n- A policy rule referencing a more narrow prefix (`CIDRSet` or `toFQDN`) **and**\n- This narrower policy rule specifies either `enableDefaultDeny: false` or `- toEntities: all`\n\nNote that a rule specifying `toEntities: world` or `toEntities: 0.0.0.0/0` is insufficient, it must be to entity `all`.\n\nAs an example, given the below policies, traffic is allowed to 1.1.1.2, when it should be denied:\n\n```\napiVersion: cilium.io/v2\nkind: CiliumClusterwideNetworkPolicy\nmetadata:\n name: block-scary-range\nspec:\n endpointSelector: {}\n egressDeny:\n - toCIDRSet:\n - cidr: 1.0.0.0/8\n\n---\n\napiVersion: cilium.io/v2\nkind: CiliumNetworkPolicy\nmetadata:\n name: evade-deny\nspec:\n endpointSelector: {}\n egress:\n - toCIDR:\n - 1.1.1.2/32\n - toEntities:\n - all\n```\n\n### Patches\n\nThis issue affects:\n\n- Cilium v1.14 between v1.14.0 and v1.14.15 inclusive\n- Cilium v1.15 between v1.15.0 and v1.15.9 inclusive\n\nThis issue has been patched in:\n\n- Cilium v1.14.16\n- Cilium v1.15.10\n\n### Workarounds\n\nUsers with policies using `enableDefaultDeny: false` can work around this issue by removing this configuration option and explicitly defining any allow rules required.\n\nNo workaround is available to users with egress policies that explicitly specify `toEntities: all`.\n\n### Acknowledgements\n\nThe Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @squeed, @christarazi, and @jrajahalme for their work in triaging and resolving this issue.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack).\n\nIf you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at [security@cilium.io](mailto:security@cilium.io). This is a private mailing list for the Cilium security team, and your report will be treated with top priority.\n",
"id": "GHSA-3wwx-63fv-pfq6",
"modified": "2024-10-21T21:41:15Z",
"published": "2024-10-21T19:03:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-3wwx-63fv-pfq6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47825"
},
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/commit/02d28d9ac9afcaddd301fae6fb4d6cda8c2d0c45"
},
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/commit/9c01afb5646af3f0c696421a410dc66c513b6524"
},
{
"type": "PACKAGE",
"url": "https://github.com/cilium/cilium"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cilium\u0027s CIDR deny policies may not take effect when a more narrow CIDR allow is present"
}
GHSA-3X46-FHQ4-2CP2
Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 18:30In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
{
"affected": [],
"aliases": [
"CVE-2022-47450"
],
"database_specific": {
"cwe_ids": [
"CWE-276",
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-12T04:15:00Z",
"severity": "MODERATE"
},
"details": "In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.",
"id": "GHSA-3x46-fhq4-2cp2",
"modified": "2023-02-21T18:30:25Z",
"published": "2023-02-12T06:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47450"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1621031430231134210"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3X57-7R9M-7XWV
Vulnerability from github – Published: 2022-01-29 00:00 – Updated: 2022-04-20 00:01A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-40396"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-28T20:15:00Z",
"severity": "HIGH"
},
"details": "A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GHSA-3x57-7r9m-7xwv",
"modified": "2022-04-20T00:01:46Z",
"published": "2022-01-29T00:00:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40396"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1408"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3XG5-V3R3-XVCQ
Vulnerability from github – Published: 2022-02-26 00:00 – Updated: 2022-03-05 00:00In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
{
"affected": [],
"aliases": [
"CVE-2022-24337"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-25T15:15:00Z",
"severity": "MODERATE"
},
"details": "In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.",
"id": "GHSA-3xg5-v3r3-xvcq",
"modified": "2022-03-05T00:00:54Z",
"published": "2022-02-26T00:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24337"
},
{
"type": "WEB",
"url": "https://blog.jetbrains.com"
},
{
"type": "WEB",
"url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3XMM-R55R-F598
Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files.
{
"affected": [],
"aliases": [
"CVE-2021-1831"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-08T15:15:00Z",
"severity": "MODERATE"
},
"details": "The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files.",
"id": "GHSA-3xmm-r55r-f598",
"modified": "2022-05-24T19:13:36Z",
"published": "2022-05-24T19:13:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1831"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212317"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3XQW-R49F-5RJ8
Vulnerability from github – Published: 2026-04-21 21:31 – Updated: 2026-04-21 21:31HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers who gain access through the channel layer can remotely manage plugin trust and activation state, enabling unauthorized plugin installation and activation on the system.
{
"affected": [],
"aliases": [
"CVE-2026-6819"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-21T20:17:05Z",
"severity": "HIGH"
},
"details": "HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers who gain access through the channel layer can remotely manage plugin trust and activation state, enabling unauthorized plugin installation and activation on the system.",
"id": "GHSA-3xqw-r49f-5rj8",
"modified": "2026-04-21T21:31:24Z",
"published": "2026-04-21T21:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6819"
},
{
"type": "WEB",
"url": "https://github.com/HKUDS/OpenHarness/pull/156"
},
{
"type": "WEB",
"url": "https://github.com/HKUDS/OpenHarness/commit/59017e09880fcf9a6f60456a84fb982900b2c0b2"
},
{
"type": "WEB",
"url": "https://github.com/HKUDS/OpenHarness/releases/tag/v0.1.7"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/hkuds-openharness-plugin-management-command-exposure"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3XRV-6GJW-8G8C
Vulnerability from github – Published: 2023-01-04 12:30 – Updated: 2023-01-10 18:30In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
{
"affected": [],
"aliases": [
"CVE-2022-39084"
],
"database_specific": {
"cwe_ids": [
"CWE-276",
"CWE-77",
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-04T10:15:00Z",
"severity": "MODERATE"
},
"details": "In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.",
"id": "GHSA-3xrv-6gjw-8g8c",
"modified": "2023-01-10T18:30:27Z",
"published": "2023-01-04T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39084"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3XXR-VFGJ-3GW3
Vulnerability from github – Published: 2022-08-11 00:00 – Updated: 2022-08-13 00:00In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228315529
{
"affected": [],
"aliases": [
"CVE-2022-20348"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-10T20:15:00Z",
"severity": "HIGH"
},
"details": "In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228315529",
"id": "GHSA-3xxr-vfgj-3gw3",
"modified": "2022-08-13T00:00:53Z",
"published": "2022-08-11T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20348"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2022-08-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.