CWE-278 – Insecure Preserved Inherited Permissions
Description: A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement. Modes...
CWE-277 – Insecure Inherited Permissions
Description: A product defines a set of insecure permissions that are inherited by objects that are created by the program. Modes of Introduction: - Architecture...
CWE-276 – Incorrect Default Permissions
Description: During installation, installed file permissions are set to allow anyone to modify those files. Modes of Introduction: - Architecture and Design Likelihood of...
CWE-274 – Improper Handling of Insufficient Privileges
Description: The software does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses. Modes of Introduction:...
CWE-273 – Improper Check for Dropped Privileges
Description: The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. If the drop fails, the...
CWE-272 – Least Privilege Violation
Description: The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed. Modes of Introduction: -...
CWE-271 – Privilege Dropping / Lowering Errors
Description: The software does not drop privileges before passing control of a resource to an actor that does not have those privileges. In some contexts,...
CWE-270 – Privilege Context Switching Error
Description: The software does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control. Modes of...
CWE-27 – Path Traversal: ‘dir/../../filename’
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal...
CWE-269 – Improper Privilege Management
Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Modes...