CWE-276
AllowedIncorrect Default Permissions
Abstraction: Base · Status: Draft
During installation, installed file permissions are set to allow anyone to modify those files.
2034 vulnerabilities reference this CWE, most recent first.
GHSA-46QW-G75P-JR7H
Vulnerability from github – Published: 2021-12-23 00:01 – Updated: 2022-04-20 00:01A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-21910"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-22T19:15:00Z",
"severity": "HIGH"
},
"details": "A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GHSA-46qw-g75p-jr7h",
"modified": "2022-04-20T00:01:56Z",
"published": "2021-12-23T00:01:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21910"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1360"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-46WG-CM84-P5P3
Vulnerability from github – Published: 2024-04-27 00:30 – Updated: 2025-02-21 18:31By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.
{
"affected": [],
"aliases": [
"CVE-2024-2859"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-27T00:15:07Z",
"severity": "MODERATE"
},
"details": "By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.",
"id": "GHSA-46wg-cm84-p5p3",
"modified": "2025-02-21T18:31:05Z",
"published": "2024-04-27T00:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2859"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240628-0003"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23245"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-474F-CMX5-GM69
Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2025-05-28 20:12The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 7.3.1"
},
"package": {
"ecosystem": "Maven",
"name": "com.liferay.portal:release.portal.bom"
},
"ranges": [
{
"events": [
{
"introduced": "7.1.0"
},
{
"fixed": "7.3.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay.portal:release.dxp.bom"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.1.10.fp20"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay.portal:release.dxp.bom"
},
"ranges": [
{
"events": [
{
"introduced": "7.2.0"
},
{
"fixed": "7.2.10.fp5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-33324"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-28T20:08:55Z",
"nvd_published_at": "2021-08-03T19:15:00Z",
"severity": "MODERATE"
},
"details": "The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site\u0027s page administration.",
"id": "GHSA-474f-cmx5-gm69",
"modified": "2025-05-28T20:12:08Z",
"published": "2022-05-24T19:09:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33324"
},
{
"type": "PACKAGE",
"url": "https://github.com/liferay/liferay-portal"
},
{
"type": "WEB",
"url": "https://issues.liferay.com/browse/LPE-17001"
},
{
"type": "WEB",
"url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20220828222955/https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747063"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Liferay Portal and Liferay DXP Don\u0027t Check Permissions of Pages"
}
GHSA-474Q-P6R2-JH4P
Vulnerability from github – Published: 2026-02-05 21:32 – Updated: 2026-02-05 21:32Tanium addressed an incorrect default permissions vulnerability in Comply.
{
"affected": [],
"aliases": [
"CVE-2025-15340"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-05T19:15:55Z",
"severity": "MODERATE"
},
"details": "Tanium addressed an incorrect default permissions vulnerability in Comply.",
"id": "GHSA-474q-p6r2-jh4p",
"modified": "2026-02-05T21:32:42Z",
"published": "2026-02-05T21:32:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15340"
},
{
"type": "WEB",
"url": "https://security.tanium.com/TAN-2025-029"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-47PC-XW4X-49CM
Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2024-04-04 02:28A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by logging in as the remotesupport user and writing files to the /root directory of an affected device.
{
"affected": [],
"aliases": [
"CVE-2019-15962"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-16T19:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by logging in as the remotesupport user and writing files to the /root directory of an affected device.",
"id": "GHSA-47pc-xw4x-49cm",
"modified": "2024-04-04T02:28:50Z",
"published": "2022-05-24T16:58:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15962"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-tele-ce-filewrite"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-47WP-R97G-7Q4M
Vulnerability from github – Published: 2024-06-27 21:32 – Updated: 2025-11-04 00:30IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.
{
"affected": [],
"aliases": [
"CVE-2023-38370"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-27T19:15:11Z",
"severity": "HIGH"
},
"details": "IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197.",
"id": "GHSA-47wp-r97g-7q4m",
"modified": "2025-11-04T00:30:50Z",
"published": "2024-06-27T21:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38370"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261197"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7158790"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Nov/0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-489G-54J3-Q6RQ
Vulnerability from github – Published: 2023-07-20 18:33 – Updated: 2024-04-04 06:17Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation."
{
"affected": [],
"aliases": [
"CVE-2023-38334"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-20T18:15:12Z",
"severity": "MODERATE"
},
"details": "Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an \"irreversible operation.\"",
"id": "GHSA-489g-54j3-q6rq",
"modified": "2024-04-04T06:17:56Z",
"published": "2023-07-20T18:33:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38334"
},
{
"type": "WEB",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-006.txt"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/173696/Omnis-Studio-10.22.00-Library-Unlock.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Jul/42"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Jul/43"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-48MQ-MJ2M-9CJQ
Vulnerability from github – Published: 2024-07-16 15:30 – Updated: 2025-01-13 15:30Under certain circumstances the Software House C●CURE 9000 Site Server provides insufficient protection of directories containing executables.
{
"affected": [],
"aliases": [
"CVE-2024-32861"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-16T15:15:12Z",
"severity": "HIGH"
},
"details": "Under certain circumstances the Software House C\u25cfCURE 9000 Site Server provides insufficient protection of directories containing executables.",
"id": "GHSA-48mq-mj2m-9cjq",
"modified": "2025-01-13T15:30:48Z",
"published": "2024-07-16T15:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32861"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/ICSA-24-191-05"
},
{
"type": "WEB",
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-496P-VFHP-58HP
Vulnerability from github – Published: 2025-05-27 12:30 – Updated: 2025-05-27 12:30On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency, Consent, and Control) identity. The acquired resource access is limited without entitlements such as access to the camera or microphone. Only user-granted permissions for file resources apply. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.
This issue was fixed in version 1.11.5 of Viscosity.
{
"affected": [],
"aliases": [
"CVE-2025-4412"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-27T10:15:19Z",
"severity": "MODERATE"
},
"details": "On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity\u0027s TCC (Transparency, Consent, and Control) identity. The acquired resource access is limited without entitlements such as access to the camera or microphone. Only user-granted permissions for file resources apply. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.\n\nThis issue was fixed in version 1.11.5 of Viscosity.",
"id": "GHSA-496p-vfhp-58hp",
"modified": "2025-05-27T12:30:29Z",
"published": "2025-05-27T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4412"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2025/05/tcc-bypass"
},
{
"type": "WEB",
"url": "https://www.sparklabs.com/viscosity"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4974-7PGR-4GRV
Vulnerability from github – Published: 2024-02-16 03:30 – Updated: 2024-08-01 15:31In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-0034"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-16T02:15:50Z",
"severity": "HIGH"
},
"details": "In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-4974-7pgr-4grv",
"modified": "2024-08-01T15:31:26Z",
"published": "2024-02-16T03:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0034"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/frameworks/base/+/653f7b0d234693309dc86161af01831b64033fe6"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2024-02-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.