Read Time:33 Second
Description
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Confidentiality, Integrity: Read Application Data, Modify Application Data
Potential Mitigations
CVE References
- CVE-2002-2323
- Incorrect ACLs used when restoring backups from directories that use symbolic links.
- CVE-2001-1515
- Automatic modification of permissions inherited from another file system.
- CVE-2005-1920
- Permissions on backup file are created with defaults, possibly less secure than original file.
- CVE-2001-0195
- File is made world-readable when being cloned.