Scope | Impact | Likelihood |
---|---|---|
Confidentiality Integrity | Read Application Data, Modify Application Data Note: An attacker could read and modify data for which they do not have permissions to access directly. |
Reference | Description |
---|---|
File system sets wrong ownership and group when creating a new file. | |
OS installs program with bin owner/group, allowing modification. | |
Manager does not properly restore ownership of a reusable resource when a user logs out, allowing privilege escalation. | |
Backup software restores symbolic links with incorrect uid/gid. | |
Product changes the ownership of files that a symlink points to, instead of the symlink itself. | |
Component assigns ownership of sensitive directory tree to a user account, which can be leveraged to perform privileged operations. |
This overlaps verification errors, permissions, and privileges.
A closely related weakness is the incorrect assignment of groups to a resource. It is not clear whether it would fall under this entry or require a different entry.
Name | Organization | Date | Date Release | Version |
---|---|---|---|---|
CWE Content Team | MITRE | 1.0 |
Name | Organization | Date | Comment |
---|---|---|---|
Eric Dalci | Cigital | updated Potential_Mitigations, Time_of_Introduction | |
CWE Content Team | MITRE | updated Relationships | |
CWE Content Team | MITRE | updated Description | |
CWE Content Team | MITRE | updated Common_Consequences, Maintenance_Notes, Other_Notes | |
CWE Content Team | MITRE | updated Common_Consequences, Relationships | |
CWE Content Team | MITRE | updated Observed_Examples, Potential_Mitigations | |
CWE Content Team | MITRE | updated Relationships | |
CWE Content Team | MITRE | updated Applicable_Platforms, Modes_of_Introduction, Relationships | |
CWE Content Team | MITRE | updated Relationships | |
CWE Content Team | MITRE | updated Description | |
CWE Content Team | MITRE | updated Relationships | |
CWE Content Team | MITRE | updated Mapping_Notes |