Description
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Other: Varies by Context
Potential Mitigations
Phase: Architecture and Design, Operation
Description:
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Phase: Architecture and Design
Description:
CVE References
- CVE-2010-4624: Bulletin board applies restrictions on number of images during post creation, but does not enforce this on editing.
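
The create-versus-edit gap described for CVE-2010-4624, as an added example that is not code from the affected product or from this page: one policy function is the single enforcement point for every path that stores a post body. The `Board` class, `MAX_IMAGES`, the `[img]` tag syntax and all other names are assumptions made for illustration.

```python
import re

MAX_IMAGES = 2  # assumed limit, for illustration only
IMG_TAG = re.compile(r"\[img\]", re.IGNORECASE)  # assumed BBCode-style markup


class PolicyError(Exception):
    """Raised when a post body violates the board's content policy."""


def check_post_policy(body: str) -> None:
    """Single enforcement point shared by every path that stores a body."""
    count = len(IMG_TAG.findall(body))
    if count > MAX_IMAGES:
        raise PolicyError(f"{count} images exceeds the limit of {MAX_IMAGES}")


class Board:
    """Hypothetical in-memory bulletin board (not the affected product)."""

    def __init__(self) -> None:
        self.posts = {}  # post_id -> (author, body)
        self._next_id = 1

    def _require_author(self, post_id: int, user: str) -> str:
        author, _ = self.posts[post_id]
        if user != author:
            raise PermissionError("only the author may edit this post")
        return author

    def create_post(self, author: str, body: str) -> int:
        check_post_policy(body)
        post_id, self._next_id = self._next_id, self._next_id + 1
        self.posts[post_id] = (author, body)
        return post_id

    def edit_post_unchecked(self, post_id: int, user: str, body: str) -> None:
        # Flawed "before": the restriction applied at creation is skipped,
        # so an edit can store a body that create_post would have rejected.
        author = self._require_author(post_id, user)
        self.posts[post_id] = (author, body)

    def edit_post(self, post_id: int, user: str, body: str) -> None:
        # Hardened: the edit path runs the same policy check as creation.
        author = self._require_author(post_id, user)
        check_post_policy(body)
        self.posts[post_id] = (author, body)
```
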