Common Weakness Enumeration

CWE-276

Allowed

Incorrect Default Permissions

Abstraction: Base · Status: Draft

During installation, installed file permissions are set to allow anyone to modify those files.

2034 vulnerabilities reference this CWE, most recent first.

GHSA-3WR5-8397-GQC8

Vulnerability from github – Published: 2023-09-15 15:30 – Updated: 2024-04-04 07:42
VLAI
Details

The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3466"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-15T14:15:08Z",
    "severity": "MODERATE"
  },
  "details": "The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.",
  "id": "GHSA-3wr5-8397-gqc8",
  "modified": "2024-04-04T07:42:21Z",
  "published": "2023-09-15T15:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3466"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2022:7398"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3466"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134063"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3WV8-Q6G7-7FRH

Vulnerability from github – Published: 2025-01-07 21:30 – Updated: 2025-01-08 15:31
VLAI
Details

An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-41572"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-07T20:15:27Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.",
  "id": "GHSA-3wv8-q6g7-7frh",
  "modified": "2025-01-08T15:31:10Z",
  "published": "2025-01-07T21:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41572"
    },
    {
      "type": "WEB",
      "url": "https://github.com/EyesOfNetworkCommunity/eonweb/issues/120"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Orange-Cyberdefense/CVE-repository"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3WWX-63FV-PFQ6

Vulnerability from github – Published: 2024-10-21 19:03 – Updated: 2024-10-21 21:41
VLAI
Summary
Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present
Details

Impact

A policy rule denying a prefix that is broader than /32 may be ignored if there is

  • A policy rule referencing a more narrow prefix (CIDRSet or toFQDN) and
  • This narrower policy rule specifies either enableDefaultDeny: false or - toEntities: all

Note that a rule specifying toEntities: world or toEntities: 0.0.0.0/0 is insufficient, it must be to entity all.

As an example, given the below policies, traffic is allowed to 1.1.1.2, when it should be denied:

apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: block-scary-range
spec:
  endpointSelector: {}
  egressDeny:
  - toCIDRSet:
    - cidr: 1.0.0.0/8

---

apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: evade-deny
spec:
  endpointSelector: {}
  egress:
  - toCIDR:
    - 1.1.1.2/32
  - toEntities:
    - all

Patches

This issue affects:

  • Cilium v1.14 between v1.14.0 and v1.14.15 inclusive
  • Cilium v1.15 between v1.15.0 and v1.15.9 inclusive

This issue has been patched in:

  • Cilium v1.14.16
  • Cilium v1.15.10

Workarounds

Users with policies using enableDefaultDeny: false can work around this issue by removing this configuration option and explicitly defining any allow rules required.

No workaround is available to users with egress policies that explicitly specify toEntities: all.

Acknowledgements

The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @squeed, @christarazi, and @jrajahalme for their work in triaging and resolving this issue.

For more information

If you have any questions or comments about this advisory, please reach out on Slack.

If you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at security@cilium.io. This is a private mailing list for the Cilium security team, and your report will be treated with top priority.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.15.0"
            },
            {
              "fixed": "1.15.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.14.0"
            },
            {
              "fixed": "1.14.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-47825"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1038",
      "CWE-276"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-21T19:03:47Z",
    "nvd_published_at": "2024-10-21T19:15:03Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nA policy rule denying a prefix that is broader than /32 may be ignored if there is\n\n- A policy rule referencing a more narrow prefix (`CIDRSet` or `toFQDN`) **and**\n- This narrower policy rule specifies either `enableDefaultDeny: false` or `- toEntities: all`\n\nNote that a rule specifying `toEntities: world` or `toEntities: 0.0.0.0/0` is insufficient, it must be to entity `all`.\n\nAs an example, given the below policies, traffic is allowed to 1.1.1.2, when it should be denied:\n\n```\napiVersion: cilium.io/v2\nkind: CiliumClusterwideNetworkPolicy\nmetadata:\n  name: block-scary-range\nspec:\n  endpointSelector: {}\n  egressDeny:\n  - toCIDRSet:\n    - cidr: 1.0.0.0/8\n\n---\n\napiVersion: cilium.io/v2\nkind: CiliumNetworkPolicy\nmetadata:\n  name: evade-deny\nspec:\n  endpointSelector: {}\n  egress:\n  - toCIDR:\n    - 1.1.1.2/32\n  - toEntities:\n    - all\n```\n\n### Patches\n\nThis issue affects:\n\n- Cilium v1.14 between v1.14.0 and v1.14.15 inclusive\n- Cilium v1.15 between v1.15.0 and v1.15.9 inclusive\n\nThis issue has been patched in:\n\n- Cilium v1.14.16\n- Cilium v1.15.10\n\n### Workarounds\n\nUsers with policies using `enableDefaultDeny: false` can work around this issue by removing this configuration option and explicitly defining any allow rules required.\n\nNo workaround is available to users with egress policies that explicitly specify `toEntities: all`.\n\n### Acknowledgements\n\nThe Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @squeed, @christarazi, and @jrajahalme for their work in triaging and resolving this issue.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack).\n\nIf you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at [security@cilium.io](mailto:security@cilium.io). This is a private mailing list for the Cilium security team, and your report will be treated with top priority.\n",
  "id": "GHSA-3wwx-63fv-pfq6",
  "modified": "2024-10-21T21:41:15Z",
  "published": "2024-10-21T19:03:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-3wwx-63fv-pfq6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47825"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/commit/02d28d9ac9afcaddd301fae6fb4d6cda8c2d0c45"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/commit/9c01afb5646af3f0c696421a410dc66c513b6524"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cilium/cilium"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cilium\u0027s CIDR deny policies may not take effect when a more narrow CIDR allow is present"
}

GHSA-3X46-FHQ4-2CP2

Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 18:30
VLAI
Details

In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-47450"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-12T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.",
  "id": "GHSA-3x46-fhq4-2cp2",
  "modified": "2023-02-21T18:30:25Z",
  "published": "2023-02-12T06:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47450"
    },
    {
      "type": "WEB",
      "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1621031430231134210"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3X57-7R9M-7XWV

Vulnerability from github – Published: 2022-01-29 00:00 – Updated: 2022-04-20 00:01
VLAI
Details

A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40396"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-28T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.",
  "id": "GHSA-3x57-7r9m-7xwv",
  "modified": "2022-04-20T00:01:46Z",
  "published": "2022-01-29T00:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40396"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1408"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3XG5-V3R3-XVCQ

Vulnerability from github – Published: 2022-02-26 00:00 – Updated: 2022-03-05 00:00
VLAI
Details

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-24337"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-25T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.",
  "id": "GHSA-3xg5-v3r3-xvcq",
  "modified": "2022-03-05T00:00:54Z",
  "published": "2022-02-26T00:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24337"
    },
    {
      "type": "WEB",
      "url": "https://blog.jetbrains.com"
    },
    {
      "type": "WEB",
      "url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3XMM-R55R-F598

Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13
VLAI
Details

The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1831"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files.",
  "id": "GHSA-3xmm-r55r-f598",
  "modified": "2022-05-24T19:13:36Z",
  "published": "2022-05-24T19:13:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1831"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212317"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3XQW-R49F-5RJ8

Vulnerability from github – Published: 2026-04-21 21:31 – Updated: 2026-04-21 21:31
VLAI
Details

HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers who gain access through the channel layer can remotely manage plugin trust and activation state, enabling unauthorized plugin installation and activation on the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6819"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-21T20:17:05Z",
    "severity": "HIGH"
  },
  "details": "HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers who gain access through the channel layer can remotely manage plugin trust and activation state, enabling unauthorized plugin installation and activation on the system.",
  "id": "GHSA-3xqw-r49f-5rj8",
  "modified": "2026-04-21T21:31:24Z",
  "published": "2026-04-21T21:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6819"
    },
    {
      "type": "WEB",
      "url": "https://github.com/HKUDS/OpenHarness/pull/156"
    },
    {
      "type": "WEB",
      "url": "https://github.com/HKUDS/OpenHarness/commit/59017e09880fcf9a6f60456a84fb982900b2c0b2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/HKUDS/OpenHarness/releases/tag/v0.1.7"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/hkuds-openharness-plugin-management-command-exposure"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3XRV-6GJW-8G8C

Vulnerability from github – Published: 2023-01-04 12:30 – Updated: 2023-01-10 18:30
VLAI
Details

In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276",
      "CWE-77",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-04T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.",
  "id": "GHSA-3xrv-6gjw-8g8c",
  "modified": "2023-01-10T18:30:27Z",
  "published": "2023-01-04T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39084"
    },
    {
      "type": "WEB",
      "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3XXR-VFGJ-3GW3

Vulnerability from github – Published: 2022-08-11 00:00 – Updated: 2022-08-13 00:00
VLAI
Details

In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228315529

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20348"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-10T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228315529",
  "id": "GHSA-3xxr-vfgj-3gw3",
  "modified": "2022-08-13T00:00:53Z",
  "published": "2022-08-11T00:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20348"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2022-08-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

The architecture needs to access and modification attributes for files to only those users who actually require those actions.

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-81: Web Server Logs Tampering

Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.