CWE-281
AllowedImproper Preservation of Permissions
Abstraction: Base · Status: Draft
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
432 vulnerabilities reference this CWE, most recent first.
GHSA-MJ5V-92GQ-PG5Q
Vulnerability from github – Published: 2025-06-08 12:30 – Updated: 2025-06-08 12:30in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
{
"affected": [],
"aliases": [
"CVE-2025-26693"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-08T12:15:22Z",
"severity": "LOW"
},
"details": "in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.",
"id": "GHSA-mj5v-92gq-pg5q",
"modified": "2025-06-08T12:30:33Z",
"published": "2025-06-08T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26693"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MMH3-P6QG-XHW2
Vulnerability from github – Published: 2024-08-12 15:30 – Updated: 2024-08-12 15:30A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.
{
"affected": [],
"aliases": [
"CVE-2024-22121"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-12T13:38:16Z",
"severity": "MODERATE"
},
"details": "A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.",
"id": "GHSA-mmh3-p6qg-xhw2",
"modified": "2024-08-12T15:30:49Z",
"published": "2024-08-12T15:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22121"
},
{
"type": "WEB",
"url": "https://support.zabbix.com/browse/ZBX-25011"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-MPGW-PWQR-Q9JP
Vulnerability from github – Published: 2021-12-08 00:01 – Updated: 2022-05-04 00:00World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.
{
"affected": [],
"aliases": [
"CVE-2021-44512"
],
"database_specific": {
"cwe_ids": [
"CWE-281",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-07T03:15:00Z",
"severity": "HIGH"
},
"details": "World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.",
"id": "GHSA-mpgw-pwqr-q9jp",
"modified": "2022-05-04T00:00:57Z",
"published": "2021-12-08T00:01:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44512"
},
{
"type": "WEB",
"url": "https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2021/12/06/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MQMR-QQ67-C6HJ
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the "Authenticated Users Group" which grants the (F) Flag aka "Full Control"
{
"affected": [],
"aliases": [
"CVE-2020-27383"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-09T19:15:00Z",
"severity": "HIGH"
},
"details": "Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an \"Authenticated User\" to modify the existing executable file with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the \"Authenticated Users Group\" which grants the (F) Flag aka \"Full Control\"",
"id": "GHSA-mqmr-qq67-c6hj",
"modified": "2022-05-24T19:04:28Z",
"published": "2022-05-24T19:04:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27383"
},
{
"type": "WEB",
"url": "https://github.com/FreySolarEye/CVE/blob/master/Battle%20Net%20Launcher%20Local%20Privilege%20Escalation"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MV55-23XP-3WP8
Vulnerability from github – Published: 2021-06-08 20:09 – Updated: 2021-06-15 19:56An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/kiali/kiali"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.33.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-3495"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": true,
"github_reviewed_at": "2021-06-02T20:54:29Z",
"nvd_published_at": "2021-06-01T14:15:00Z",
"severity": "HIGH"
},
"details": "An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"id": "GHSA-mv55-23xp-3wp8",
"modified": "2021-06-15T19:56:20Z",
"published": "2021-06-08T20:09:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3495"
},
{
"type": "WEB",
"url": "https://github.com/kiali/kiali-operator/pull/278"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947361"
},
{
"type": "WEB",
"url": "https://kiali.io/news/security-bulletins/kiali-security-003"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Access control flaw in Kiali"
}
GHSA-MV64-86G8-CQQ7
Vulnerability from github – Published: 2024-04-25 18:30 – Updated: 2024-04-25 23:34A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.quarkus.resteasy.reactive:resteasy-reactive"
},
"ranges": [
{
"events": [
{
"introduced": "3.8.0.CR1"
},
{
"fixed": "3.8.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.8.0.CR1"
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.quarkus.resteasy.reactive:resteasy-reactive"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0.CR1"
},
{
"fixed": "3.7.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.quarkus.resteasy.reactive:resteasy-reactive"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.11.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-1726"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-25T23:34:44Z",
"nvd_published_at": "2024-04-25T17:15:48Z",
"severity": "MODERATE"
},
"details": "A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.",
"id": "GHSA-mv64-86g8-cqq7",
"modified": "2024-04-25T23:34:44Z",
"published": "2024-04-25T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1726"
},
{
"type": "WEB",
"url": "https://github.com/quarkusio/quarkus/commit/34c1a63baf5401d0d578a23a1a4deb4b841ce65b"
},
{
"type": "WEB",
"url": "https://github.com/quarkusio/quarkus/commit/96d93427f3b4a7d3cff34d8b7b883e13cecd359c"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1662"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-1726"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265158"
},
{
"type": "PACKAGE",
"url": "https://github.com/quarkusio/quarkus"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Quarkus: security checks in resteasy reactive may trigger a denial of service"
}
GHSA-MVFF-H3CJ-WJ9C
Vulnerability from github – Published: 2022-01-06 17:36 – Updated: 2022-04-04 20:40Impact
Containers launched through containerd’s CRI implementation on Linux systems which use the SELinux security module and containerd versions since v1.5.0 can cause arbitrary files and directories on the host to be relabeled to match the container process label through the use of specially-configured bind mounts in a hostPath volume. This relabeling elevates permissions for the container, granting full read/write access over the affected files and directories. Kubernetes and crictl can both be configured to use containerd’s CRI implementation.
If you are not using containerd’s CRI implementation (through one of the mechanisms described above), you are not affected by this issue.
Patches
This bug has been fixed in containerd 1.5.9. Because file labels persist independently of containerd, users should both update to these versions as soon as they are released and validate that all files on their host are correctly labeled.
Workarounds
Ensure that no sensitive files or directories are used as a hostPath volume source location. Policy enforcement mechanisms such a Kubernetes Pod Security Policy AllowedHostPaths may be specified to limit the files and directories that can be bind-mounted to containers.
For more information
If you have any questions or comments about this advisory:
- Open an issue in containerd
- Email us at security@containerd.io
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/containerd/containerd"
},
"ranges": [
{
"events": [
{
"introduced": "1.5.0"
},
{
"fixed": "1.5.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-43816"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-05T21:09:16Z",
"nvd_published_at": "2022-01-05T19:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nContainers launched through containerd\u2019s CRI implementation on Linux systems which use the SELinux security module and containerd versions since v1.5.0 can cause arbitrary files and directories on the host to be relabeled to match the container process label through the use of specially-configured bind mounts in a hostPath volume. This relabeling elevates permissions for the container, granting full read/write access over the affected files and directories. Kubernetes and crictl can both be configured to use containerd\u2019s CRI implementation.\n\nIf you are not using containerd\u2019s CRI implementation (through one of the mechanisms described above), you are not affected by this issue.\n\n### Patches\n\nThis bug has been fixed in containerd 1.5.9. Because file labels persist independently of containerd, users should both update to these versions as soon as they are released and validate that all files on their host are correctly labeled.\n\n### Workarounds\n\nEnsure that no sensitive files or directories are used as a hostPath volume source location. Policy enforcement mechanisms such a Kubernetes Pod Security Policy [AllowedHostPaths](https://kubernetes.io/docs/concepts/policy/pod-security-policy/#volumes-and-file-systems) may be specified to limit the files and directories that can be bind-mounted to containers.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)",
"id": "GHSA-mvff-h3cj-wj9c",
"modified": "2022-04-04T20:40:33Z",
"published": "2022-01-06T17:36:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43816"
},
{
"type": "WEB",
"url": "https://github.com/containerd/containerd/issues/6194"
},
{
"type": "WEB",
"url": "https://github.com/containerd/containerd/commit/a731039238c62be081eb8c31525b988415745eea"
},
{
"type": "WEB",
"url": "https://github.com/dweomer/containerd/commit/f7f08f0e34fb97392b0d382e58916d6865100299"
},
{
"type": "PACKAGE",
"url": "https://github.com/containerd/containerd"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPDIZMI7ZPERSZE2XO265UCK5IWM7CID"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux"
}
GHSA-MWFM-4FRV-J42H
Vulnerability from github – Published: 2022-08-18 00:00 – Updated: 2022-08-19 00:00An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.
{
"affected": [],
"aliases": [
"CVE-2022-31262"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-17T15:15:00Z",
"severity": "HIGH"
},
"details": "An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.",
"id": "GHSA-mwfm-4frv-j42h",
"modified": "2022-08-19T00:00:19Z",
"published": "2022-08-18T00:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31262"
},
{
"type": "WEB",
"url": "https://github.com/secure-77/CVE-2022-31262"
},
{
"type": "WEB",
"url": "https://secure77.de/category/subjects/researches"
},
{
"type": "WEB",
"url": "https://secure77.de/gog-galaxy-cve-2022-31262"
},
{
"type": "WEB",
"url": "https://www.youtube.com/watch?v=Bgdbx5TJShI"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MX8H-PMQV-8C67
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
{
"affected": [],
"aliases": [
"CVE-2013-6335"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-08-26T10:55:00Z",
"severity": "LOW"
},
"details": "The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.",
"id": "GHSA-mx8h-pmqv-8c67",
"modified": "2022-05-13T01:14:00Z",
"published": "2022-05-13T01:14:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6335"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89054"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60482"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680453"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MXCM-W7FM-9QR2
Vulnerability from github – Published: 2024-04-09 21:32 – Updated: 2024-11-04 18:31Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.
{
"affected": [],
"aliases": [
"CVE-2024-3545"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T19:15:41Z",
"severity": "MODERATE"
},
"details": "Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.\n\n",
"id": "GHSA-mxcm-w7fm-9qr2",
"modified": "2024-11-04T18:31:17Z",
"published": "2024-04-09T21:32:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3545"
},
{
"type": "WEB",
"url": "https://devolutions.net/security/advisories/DEVO-2024-0006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.