Tag Archives: CWE- 278

CWE-278 – Insecure Preserved Inherited Permissions

Read Time:27 Second

Description

A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-732

 

Consequences

Confidentiality, Integrity: Read Application Data, Modify Application Data

 

Potential Mitigations

Phase: Architecture and Design, Operation

Description: 

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Phase: Architecture and Design

Description: 

CVE References

  • CVE-2005-1724
    • Does not obey specified permissions when exporting.