CWE - CWE-275: Permission Issues (3.3)

Category ID: 275

Status: Draft

Summary

Weaknesses in this category are related to improper assignment or handling of permissions.

Membership

Nature	Type	ID	Name
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	264	Permissions, Privileges, and Access Controls
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	723	OWASP Top Ten 2004 Category A2 - Broken Access Control
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	731	OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
HasMember	Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.	276	Incorrect Default Permissions
HasMember	Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness.	277	Insecure Inherited Permissions
HasMember	Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness.	278	Insecure Preserved Inherited Permissions
HasMember	Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness.	279	Incorrect Execution-Assigned Permissions
HasMember	Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.	280	Improper Handling of Insufficient Permissions or Privileges
HasMember	Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.	281	Improper Preservation of Permissions
HasMember	Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.	618	Exposed Unsafe ActiveX Method
HasMember	Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.	732	Incorrect Permission Assignment for Critical Resource

References

[REF-44] Michael Howard, David LeBlanc and John Viega. "24 Deadly Sins of Software Security". "Sin 17: Failure to Protect Stored Data." Page 253. McGraw-Hill. 2010.

Content History

Submissions
Submission Date	Submitter	Organization
	PLOVER

Modifications
Modification Date	Modifier	Organization
2008-09-08	CWE Content Team	MITRE
2008-09-08	updated Relationships, Taxonomy_Mappings
2009-01-12	CWE Content Team	MITRE
2009-01-12	updated Relationships
2012-05-11	CWE Content Team	MITRE
2012-05-11	updated References
2014-07-30	CWE Content Team	MITRE
2014-07-30	updated Detection_Factors
2017-11-08	CWE Content Team	MITRE
2017-11-08	updated Affected_Resources, Detection_Factors, Functional_Areas, Related_Attack_Patterns, Relationships
2018-03-27	CWE Content Team	MITRE
2018-03-27	updated Relationships

Common Weakness Enumeration

CWE CATEGORY: Permission Issues


	Use of the Common Weakness Enumeration and the associated references from this website are subject to the Terms of Use. For more information, please email cwe@mitre.org. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 2006-2019, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.	Privacy Policy Terms of Use Site Map Contact Us