CWE-279 Individual Dictionary Definition (Draft 9)

| Field | Content |
|---|---|
| Weakness ID | 279 (Weakness Variant) |
| Status | Draft |
| Description (Summary) | A product, while it is executing, changes the permissions of an object in an insecure way that cannot be controlled by the user. |
| Potential Mitigations | Very carefully manage the setting, management and handling of permissions. Explicitly manage trust zones in the software. Design: Ensure that appropriate compartmentalization is built into the system design and that the compartmentalization serves to allow for and further reinforce privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide when it is appropriate to use and to drop system privileges. |
| Observed Examples | |
| Relationships | |
| Source Taxonomies | PLOVER - Insecure execution-assigned permissions |
| Applicable Platforms | All |

Related Attack Patterns

| CAPEC-ID | Attack Pattern Name |
|---|---|
| 81 | Web Logs Tampering |
| 19 | Embedding Scripts within Scripts |
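The following is an added example, not part of the CWE entry, showing the weakness described above in concrete form on a POSIX system: a program that writes a file and then forces its permissions open at run time, next to the hardened form that requests a restrictive mode at creation and lets the user's umask narrow it further. The function names, file names and sample content are constructed for illustration.

```python
import os
import stat
import tempfile


def write_report_insecure(path: str, data: bytes) -> int:
    """Vulnerable pattern (constructed illustration of CWE-279): the program
    creates the file and then forces group/world read-write permissions at
    run time. chmod() is not subject to the caller's umask, so the user has
    no way to keep the file private. Returns the resulting permission bits."""
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o666)  # overrides whatever the user intended
    return stat.S_IMODE(os.stat(path).st_mode)


def write_report_secure(path: str, data: bytes) -> int:
    """Hardened pattern: request an owner-only mode at creation time and let
    the user's umask narrow it further. The program never widens permissions
    on its own, so the effective mode is always a subset of 0o600."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL  # O_EXCL: fail if it exists
    fd = os.open(path, flags, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)


def is_group_or_world_accessible(mode: int) -> bool:
    """Audit check: True if anyone other than the owner can read, write or
    execute the object. Useful as a post-condition in tests or deployment
    checks for files a program creates."""
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def demo() -> dict:
    """Run both variants in a scratch directory and return the resulting
    permission bits for each, keyed by variant name."""
    with tempfile.TemporaryDirectory() as tmp:
        payload = b"constructed sample content\n"
        insecure = write_report_insecure(os.path.join(tmp, "insecure.txt"), payload)
        secure = write_report_secure(os.path.join(tmp, "secure.txt"), payload)
    return {"insecure": insecure, "secure": secure}


if __name__ == "__main__":
    for name, mode in demo().items():
        print(f"{name}: {oct(mode)} exposed_to_others={is_group_or_world_accessible(mode)}")
```

The design point matches the mitigation text: the hardened version decides the permission once, at creation, in the most restrictive form the object needs, and leaves the user's umask in control instead of overriding it after the fact. The `is_group_or_world_accessible` check is the kind of assertion a test suite can run over every file a program creates to catch this class of defect before release.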