CWE-268 – Privilege Chaining
Description: Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not...
CWE-269 – Improper Privilege Management
Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Modes...
CWE-27 – Path Traversal: ‘dir/../../filename’
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal...
CWE-270 – Privilege Context Switching Error
Description: The software does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control. Modes of...
CWE-271 – Privilege Dropping / Lowering Errors
Description: The software does not drop privileges before passing control of a resource to an actor that does not have those privileges. In some contexts,...
CWE-272 – Least Privilege Violation
Description: The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed. Modes of Introduction: -...
CWE-273 – Improper Check for Dropped Privileges
Description: The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. If the drop fails, the...
CWE-274 – Improper Handling of Insufficient Privileges
Description: The software does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses. Modes of Introduction:...
CWE-276 – Incorrect Default Permissions
Description: During installation, installed file permissions are set to allow anyone to modify those files. Modes of Introduction: - Architecture and Design Likelihood of...
CWE-277 – Insecure Inherited Permissions
Description: A product defines a set of insecure permissions that are inherited by objects that are created by the program. Modes of Introduction: - Architecture...