CWE-276
AllowedIncorrect Default Permissions
Abstraction: Base · Status: Draft
During installation, installed file permissions are set to allow anyone to modify those files.
2035 vulnerabilities reference this CWE, most recent first.
GHSA-5QW6-857J-HF24
Vulnerability from github – Published: 2024-11-16 00:31 – Updated: 2024-11-19 18:30A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
{
"affected": [],
"aliases": [
"CVE-2024-51765"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-15T22:15:16Z",
"severity": "MODERATE"
},
"details": "A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.",
"id": "GHSA-5qw6-857j-hf24",
"modified": "2024-11-19T18:30:57Z",
"published": "2024-11-16T00:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51765"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04748en_us\u0026docLocale=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5R75-H3M2-34GJ
Vulnerability from github – Published: 2023-11-16 06:30 – Updated: 2023-11-29 21:30Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones.
{
"affected": [],
"aliases": [
"CVE-2023-47335"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-16T06:15:31Z",
"severity": "MODERATE"
},
"details": "Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones.",
"id": "GHSA-5r75-h3m2-34gj",
"modified": "2023-11-29T21:30:17Z",
"published": "2023-11-16T06:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47335"
},
{
"type": "WEB",
"url": "https://github.com/czbxzm/AUTEL-smart-drones-have-a-vulnerability-to-unauthorised-breaches-of-no-fly-zone"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5RJ5-JMQ2-GJ5P
Vulnerability from github – Published: 2024-06-14 12:30 – Updated: 2024-06-14 12:30Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.
{
"affected": [],
"aliases": [
"CVE-2024-34012"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-14T10:15:10Z",
"severity": "MODERATE"
},
"details": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.",
"id": "GHSA-5rj5-jmq2-gj5p",
"modified": "2024-06-14T12:30:50Z",
"published": "2024-06-14T12:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34012"
},
{
"type": "WEB",
"url": "https://security-advisory.acronis.com/advisories/SEC-5758"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5RWH-CQFM-WV9V
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information.
{
"affected": [],
"aliases": [
"CVE-2017-5685"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-03T21:59:00Z",
"severity": "LOW"
},
"details": "The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information.",
"id": "GHSA-5rwh-cqfm-wv9v",
"modified": "2022-05-13T01:46:15Z",
"published": "2022-05-13T01:46:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5685"
},
{
"type": "WEB",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073\u0026languageid=en-fr"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97408"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5V2X-F677-RW5J
Vulnerability from github – Published: 2022-12-02 03:30 – Updated: 2022-12-05 21:30Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access.
{
"affected": [],
"aliases": [
"CVE-2022-45562"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-02T03:15:00Z",
"severity": "HIGH"
},
"details": "Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access.",
"id": "GHSA-5v2x-f677-rw5j",
"modified": "2022-12-05T21:30:42Z",
"published": "2022-12-02T03:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45562"
},
{
"type": "WEB",
"url": "https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-45562"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5V95-V8C8-3RH6
Vulnerability from github – Published: 2021-05-21 14:32 – Updated: 2021-05-20 22:26Impact
Using a carefully crafted request or malicious proxy, a user with UserWrite permissions could create another user with higher privileges than their own due to insufficient checks on the allowed set of permissions. The event would be captured in the Event Log.
Patches
The issue has been fixed in 0.24.0 and 0.23.1.
Workarounds
For users who are unable to upgrade, we recommend auditing users who have UserWrite permissions and regularly reviewing the Event Log for malicious activity.
Kudos
Thank you to Michael Mazzolini (Ethical Hacker at WHO) for finding and disclosing this vulnerability.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c 0.23.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/google/exposure-notifications-verification-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.23.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-22538"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-20T22:26:21Z",
"nvd_published_at": "2021-03-31T21:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nUsing a carefully crafted request or malicious proxy, a user with `UserWrite` permissions could create another user with higher privileges than their own due to insufficient checks on the allowed set of permissions. The event would be captured in the Event Log.\n\n### Patches\nThe issue has been fixed in 0.24.0 and 0.23.1.\n\n### Workarounds\nFor users who are unable to upgrade, we recommend auditing users who have `UserWrite` permissions and regularly reviewing the Event Log for malicious activity.\n\n### Kudos\nThank you to Michael Mazzolini (Ethical Hacker at WHO) for finding and disclosing this vulnerability.",
"id": "GHSA-5v95-v8c8-3rh6",
"modified": "2021-05-20T22:26:21Z",
"published": "2021-05-21T14:32:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/google/exposure-notifications-verification-server/security/advisories/GHSA-5v95-v8c8-3rh6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22538"
},
{
"type": "WEB",
"url": "https://github.com/google/exposure-notifications-verification-server/commit/eb8cf40b12dbe79304f1133c06fb73419383cd95"
},
{
"type": "WEB",
"url": "https://github.com/google/exposure-notifications-verification-server/releases/tag/v0.23.1"
},
{
"type": "WEB",
"url": "https://github.com/google/exposure-notifications-verification-server/releases/tag/v0.24.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Privilege escalation in rbac"
}
GHSA-5VGG-9H5W-H365
Vulnerability from github – Published: 2023-10-19 21:30 – Updated: 2024-04-04 08:48TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.
{
"affected": [],
"aliases": [
"CVE-2022-42150"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-19T20:15:08Z",
"severity": "CRITICAL"
},
"details": "TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.",
"id": "GHSA-5vgg-9h5w-h365",
"modified": "2024-04-04T08:48:55Z",
"published": "2023-10-19T21:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42150"
},
{
"type": "WEB",
"url": "https://github.com/tinyclub/linux-lab/issues/14"
},
{
"type": "WEB",
"url": "https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements"
},
{
"type": "WEB",
"url": "https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json"
},
{
"type": "WEB",
"url": "https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo"
},
{
"type": "WEB",
"url": "https://hackmd.io/@UR9gnr32QymtmtZHnZceOw/ry428EZGo"
},
{
"type": "WEB",
"url": "https://www.usenix.org/conference/usenixsecurity23/presentation/he"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5W4J-F78P-4WH9
Vulnerability from github – Published: 2025-03-21 15:18 – Updated: 2025-03-21 15:42Impact
In libcontainer, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. Code can be seen here . The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container.
However, GHSA-f3fp-gc8g-vw66 was opened on runc mentioning that setting inherited caps in any case for tenant container can lead to elevation of capabilities. For this, they added a fix here where they never set new inherited caps on tenant, and set ambient caps only if original container had inherited caps.
Similarly crun never sets inherited caps as can be seen here.
[!NOTE] This does not affect youki binary itself, as the exec implementation is partially broken and does not pass on the user-provided caps to tenant containers, this is only applicable if you are using libcontainer directly and using the tenant builder.
Workarounds
- Do not pass any user-provided capabilities to the tenant builder, in which case no capabilities will be set on tenant.
- Alternatively you can verify the capabilities of original container and filter the user passed capabilities before setting them on tenant.
References
- https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
- https://man7.org/linux/man-pages/man7/capabilities.7.html
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "libcontainer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-27612"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-21T15:18:28Z",
"nvd_published_at": "2025-03-21T15:15:42Z",
"severity": "MODERATE"
},
"details": "### Impact\nIn libcontainer, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. Code can be seen [here](https://github.com/youki-dev/youki/blob/9e63fa4da1672a78ca45100f3059a732784a5174/crates/libcontainer/src/container/tenant_builder.rs#L408) . The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container.\n\nHowever, GHSA-f3fp-gc8g-vw66 was opened on runc mentioning that setting inherited caps in any case for tenant container can lead to elevation of capabilities. For this, they added a fix [here](https://github.com/opencontainers/runc/blob/986451c24e17c8d4be3c454f60b1f7be4af3e8b4/exec.go#L234-L242) where they never set new inherited caps on tenant, and set ambient caps only if original container had inherited caps.\n\nSimilarly crun never sets inherited caps as can be seen [here](https://github.com/containers/crun/blob/3ec6298abd79e144fbf3fa6db90793ff4c0516f9/src/exec.c#L319).\n\n\u003e [!NOTE]\nThis does not affect youki binary itself, as the exec implementation is partially broken and does not pass on the user-provided caps to tenant containers, this is only applicable if you are using libcontainer directly and using the tenant builder.\n\n### Workarounds\n- Do not pass any user-provided capabilities to the tenant builder, in which case no capabilities will be set on tenant.\n- Alternatively you can verify the capabilities of original container and filter the user passed capabilities before setting them on tenant.\n\n### References\n- https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66\n- https://man7.org/linux/man-pages/man7/capabilities.7.html",
"id": "GHSA-5w4j-f78p-4wh9",
"modified": "2025-03-21T15:42:03Z",
"published": "2025-03-21T15:18:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66"
},
{
"type": "WEB",
"url": "https://github.com/youki-dev/youki/security/advisories/GHSA-5w4j-f78p-4wh9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27612"
},
{
"type": "WEB",
"url": "https://github.com/youki-dev/youki/commit/747e342d2026fbf3a395db3e2a491ebef00082f1"
},
{
"type": "WEB",
"url": "https://github.com/containers/crun/blob/3ec6298abd79e144fbf3fa6db90793ff4c0516f9/src/exec.c#L319"
},
{
"type": "WEB",
"url": "https://github.com/opencontainers/runc/blob/986451c24e17c8d4be3c454f60b1f7be4af3e8b4/exec.go#L234-L242"
},
{
"type": "PACKAGE",
"url": "https://github.com/youki-dev/youki"
},
{
"type": "WEB",
"url": "https://github.com/youki-dev/youki/blob/9e63fa4da1672a78ca45100f3059a732784a5174/crates/libcontainer/src/container/tenant_builder.rs#L408"
},
{
"type": "WEB",
"url": "https://man7.org/linux/man-pages/man7/capabilities.7.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Libcontainer is affected by capabilities elevation similar to GHSA-f3fp-gc8g-vw66"
}
GHSA-5WFX-4WQ5-V78R
Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2022-10-15 12:01Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
{
"affected": [],
"aliases": [
"CVE-2020-6495"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-03T23:15:00Z",
"severity": "MODERATE"
},
"details": "Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.",
"id": "GHSA-5wfx-4wq5-v78r",
"modified": "2022-10-15T12:01:03Z",
"published": "2022-05-24T17:19:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6495"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1072116"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202006-02"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4714"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5WRR-M725-W8JW
Vulnerability from github – Published: 2024-04-17 00:30 – Updated: 2024-04-26 09:30Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
{
"affected": [],
"aliases": [
"CVE-2024-21002"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-16T22:15:13Z",
"severity": "LOW"
},
"details": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).",
"id": "GHSA-5wrr-m725-w8jw",
"modified": "2024-04-26T09:30:33Z",
"published": "2024-04-17T00:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21002"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240426-0004"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.