Modes Of Introduction
Implementation
Operation
Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)
Common Consequences
Scope |
Impact |
Likelihood |
Access Control | Gain Privileges or Assume Identity | |
Observed Examples
Reference |
Description |
CVE-1999-1193 | Operating system assigns user to privileged wheel group, allowing the user to gain root privileges. |
CVE-2010-3716 | Chain: drafted web request allows the creation of users with arbitrary group membership. |
CVE-2008-5397 | Chain: improper processing of configuration options causes users to contain unintended group memberships. |
CVE-2007-6644 | CMS does not prevent remote administrators from promoting other users to the administrator group, in violation of the intended security model. |
CVE-2007-3260 | Product assigns members to the root group, allowing escalation of privileges. |
CVE-2002-0080 | Chain: daemon does not properly clear groups before dropping privileges. |
Vulnerability Mapping Notes
Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Submission
Name |
Organization |
Date |
Date Release |
Version |
CWE Content Team |
MITRE |
2011-03-24 +00:00 |
2011-03-30 +00:00 |
1.12 |
Modifications
Name |
Organization |
Date |
Comment |
CWE Content Team |
MITRE |
2011-06-01 +00:00 |
updated Common_Consequences |
CWE Content Team |
MITRE |
2020-02-24 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2023-01-31 +00:00 |
updated Description |
CWE Content Team |
MITRE |
2023-04-27 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2023-06-29 +00:00 |
updated Mapping_Notes |