CWE-281 – Improper Preservation of Permissions

Description

The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-732

Consequences

Confidentiality, Integrity: Read Application Data, Modify Application Data

Potential Mitigations

CVE References

  • CVE-2002-2323
    • Incorrect ACLs used when restoring backups from directories that use symbolic links.
  • CVE-2001-1515
    • Automatic modification of permissions inherited from another file system.
  • CVE-2005-1920
    • Permissions on backup file are created with defaults, possibly less secure than original file.
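
The backup-file case above, as an added example that is not part of the original entry: a byte-only copy lets the destination take default permissions, while the second routine creates it owner-only and then applies the source's mode bits. The function names are hypothetical, a POSIX system is assumed, and only mode bits are handled (not ownership or ACLs).

```python
import os
import shutil
import stat
import tempfile


def naive_backup(src, dst):
    """Weak form: copies bytes only, so dst gets default (umask-derived) permissions."""
    shutil.copyfile(src, dst)


def preserving_backup(src, dst):
    """Create dst owner-only, copy the data, then apply the source's mode bits."""
    src_mode = stat.S_IMODE(os.stat(src).st_mode)
    # O_EXCL refuses to reuse an existing file or symlink with unknown permissions.
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
        shutil.copyfileobj(inp, out)
        # fchmod works on the open descriptor: no umask applied, no path re-resolution.
        os.fchmod(out.fileno(), src_mode)


def mode_of(path):
    """Return only the permission bits of path."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Return (source, naive copy, preserving copy) modes for a constructed 0600 file."""
    old_umask = os.umask(0o022)  # common default, set explicitly for repeatability
    try:
        with tempfile.TemporaryDirectory() as d:
            src = os.path.join(d, "secret.conf")
            with open(src, "w") as f:
                f.write("constructed sample data\n")
            os.chmod(src, 0o600)
            naive = os.path.join(d, "secret.conf.bak")
            kept = os.path.join(d, "secret.conf.safe.bak")
            naive_backup(src, naive)
            preserving_backup(src, kept)
            return mode_of(src), mode_of(naive), mode_of(kept)
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print([oct(m) for m in demo()])
```

The same `mode_of` comparison between source and copy can serve as a post-backup check in a test suite.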