CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE Individual Dictionary Definition (2.7)

CWE-275: Permission Issues

 
Category ID: 275 (Category)
Status: Draft
+ Description

Description Summary

Weaknesses in this category are related to improper assignment or handling of permissions.
+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Category | 264 | Permissions, Privileges, and Access Controls | Development Concepts (primary) 699 |
| ChildOf | Category | 632 | Weaknesses that Affect Files or Directories | Resource-specific Weaknesses (primary) 631 |
| ChildOf | Category | 723 | OWASP Top Ten 2004 Category A2 - Broken Access Control | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
| ChildOf | Category | 731 | OWASP Top Ten 2004 Category A10 - Insecure Configuration Management | Weaknesses in OWASP Top Ten (2004) 711 |
| RequiredBy | Compound Element: Composite | 61 | UNIX Symbolic Link (Symlink) Following | Research Concepts 1000 |
| RequiredBy | Compound Element: Composite | 426 | Untrusted Search Path | Research Concepts 1000 |
| ParentOf | Weakness Variant | 276 | Incorrect Default Permissions | Development Concepts (primary) 699 |
| ParentOf | Weakness Variant | 277 | Insecure Inherited Permissions | Development Concepts (primary) 699 |
| ParentOf | Weakness Variant | 278 | Insecure Preserved Inherited Permissions | Development Concepts (primary) 699 |
| ParentOf | Weakness Variant | 279 | Incorrect Execution-Assigned Permissions | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 280 | Improper Handling of Insufficient Permissions or Privileges | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 281 | Improper Preservation of Permissions | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 618 | Exposed Unsafe ActiveX Method | Development Concepts (primary) 699 |
| ParentOf | Compound Element: Composite | 689 | Permission Race Condition During Resource Copy | Development Concepts (primary) 699 |
| ParentOf | Weakness Class | 732 | Incorrect Permission Assignment for Critical Resource | Development Concepts (primary) 699 |
+ Affected Resources
  • File/Directory
+ Functional Areas
  • File processing, non-specific.
+ Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | | | Permission errors |
| OWASP Top Ten 2004 | A2 | | Broken Access Control |
| OWASP Top Ten 2004 | A10 | | Insecure Configuration Management |
+ References
[REF-17] Michael Howard, David LeBlanc and John Viega. "24 Deadly Sins of Software Security". "Sin 17: Failure to Protect Stored Data." Page 253. McGraw-Hill. 2010.
+ Content History
Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| | | | Externally Mined |

Modifications

| Modification Date | Modifier | Organization | Source | Comment |
|---|---|---|---|---|
| 2008-09-08 | | MITRE | Internal | updated Relationships, Taxonomy_Mappings |
| 2009-01-12 | | MITRE | Internal | updated Relationships |
| 2012-05-11 | | MITRE | Internal | updated References |

Page Last Updated: June 23, 2014