CWE-276
AllowedIncorrect Default Permissions
Abstraction: Base · Status: Draft
During installation, installed file permissions are set to allow anyone to modify those files.
2039 vulnerabilities reference this CWE, most recent first.
GHSA-MQFW-C7JJ-R9XJ
Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2023-02-01 18:30An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in �Authenticated Users� group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system.
{
"affected": [],
"aliases": [
"CVE-2019-19475"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-10T22:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in \ufffdAuthenticated Users\ufffd group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system.",
"id": "GHSA-mqfw-c7jj-r9xj",
"modified": "2023-02-01T18:30:24Z",
"published": "2022-05-24T22:28:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19475"
},
{
"type": "WEB",
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19475.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MQRX-93H5-5X99
Vulnerability from github – Published: 2022-10-11 12:00 – Updated: 2022-10-12 12:00A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain administrative credentials on the target system in order to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-41748"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-10T21:15:00Z",
"severity": "MODERATE"
},
"details": "A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product\u0027s anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain administrative credentials on the target system in order to exploit this vulnerability.",
"id": "GHSA-mqrx-93h5-5x99",
"modified": "2022-10-12T12:00:24Z",
"published": "2022-10-11T12:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41748"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/solution/000291645"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MR6C-Q222-CJ77
Vulnerability from github – Published: 2024-07-28 03:30 – Updated: 2024-07-28 03:30The MSI installer for Splashtop Streamer for Windows before 3.6.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a version.dll file in the folder.
{
"affected": [],
"aliases": [
"CVE-2024-42053"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-28T03:15:02Z",
"severity": "HIGH"
},
"details": "The MSI installer for Splashtop Streamer for Windows before 3.6.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a version.dll file in the folder.",
"id": "GHSA-mr6c-q222-cj77",
"modified": "2024-07-28T03:30:47Z",
"published": "2024-07-28T03:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42053"
},
{
"type": "WEB",
"url": "https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/2.md"
},
{
"type": "WEB",
"url": "https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/18223802896539-Splashtop-Streamer-version-v3-6-0-0-for-Windows-released"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MRP2-G378-9WHC
Vulnerability from github – Published: 2025-04-05 03:30 – Updated: 2025-04-05 03:30The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
{
"affected": [],
"aliases": [
"CVE-2024-11088"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-21T14:15:08Z",
"severity": "MODERATE"
},
"details": "The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.",
"id": "GHSA-mrp2-g378-9whc",
"modified": "2025-04-05T03:30:32Z",
"published": "2025-04-05T03:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11088"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3190023/simple-membership"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1558b08-a33b-4cf2-bacb-c88065f513cc?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MRX6-RGFC-X742
Vulnerability from github – Published: 2024-03-05 06:30 – Updated: 2024-03-05 06:30Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to configure AppLock settings.
{
"affected": [],
"aliases": [
"CVE-2024-20830"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-05T05:15:09Z",
"severity": "MODERATE"
},
"details": "Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to configure AppLock settings.",
"id": "GHSA-mrx6-rgfc-x742",
"modified": "2024-03-05T06:30:41Z",
"published": "2024-03-05T06:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20830"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-MV32-9MH3-Q74P
Vulnerability from github – Published: 2025-07-17 21:32 – Updated: 2025-07-17 21:32A vulnerability related to registry permissions in the Intercept X for Windows updater prior to version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade.
{
"affected": [],
"aliases": [
"CVE-2024-13972"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-17T19:15:24Z",
"severity": "HIGH"
},
"details": "A vulnerability related to registry permissions in the Intercept X for Windows updater prior to version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade.",
"id": "GHSA-mv32-9mh3-q74p",
"modified": "2025-07-17T21:32:13Z",
"published": "2025-07-17T21:32:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13972"
},
{
"type": "WEB",
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MV8Q-JR3C-HXP6
Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
{
"affected": [],
"aliases": [
"CVE-2020-26088"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-24T15:15:00Z",
"severity": "MODERATE"
},
"details": "A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.",
"id": "GHSA-mv8q-jr3c-hxp6",
"modified": "2022-05-24T17:29:26Z",
"published": "2022-05-24T17:29:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26088"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/26896f01467a28651f7a536143fe5ac8449d4041"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4578-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MVXP-VG38-GQ5C
Vulnerability from github – Published: 2022-07-08 00:00 – Updated: 2024-03-27 15:30When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended.
{
"affected": [],
"aliases": [
"CVE-2022-32207"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-07T13:15:00Z",
"severity": "CRITICAL"
},
"details": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.",
"id": "GHSA-mvxp-vg38-gq5c",
"modified": "2024-03-27T15:30:36Z",
"published": "2022-07-08T00:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32207"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1573634"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220915-0003"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213488"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW98-2GV2-MP63
Vulnerability from github – Published: 2026-04-03 09:30 – Updated: 2026-04-03 09:30Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse.
An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory.
This issue affects TETRA connectivity Server: 7.0.
Vulnerability fix is available and delivered to impacted customers.
{
"affected": [],
"aliases": [
"CVE-2025-7024"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-03T08:16:17Z",
"severity": "MODERATE"
},
"details": "Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse.\n\n\nAn attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory.\n\nThis issue affects TETRA connectivity Server: 7.0.\n\n\nVulnerability fix is available and delivered to impacted customers.",
"id": "GHSA-mw98-2gv2-mp63",
"modified": "2026-04-03T09:30:16Z",
"published": "2026-04-03T09:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7024"
},
{
"type": "WEB",
"url": "https://cwe.mitre.org/data/definitions/276.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MX2F-FX3V-GG7X
Vulnerability from github – Published: 2024-10-11 18:32 – Updated: 2024-10-11 18:32An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information.
On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows
a low-privileged user can access sensitive information compromising the confidentiality of the system.
Junos OS Evolved:
- All versions before 20.4R3-S9-EVO,
- 21.2-EVO before 21.2R3-S7-EVO,
- 21.4-EVO before 21.4R3-S5-EVO,
- 22.1-EVO before 22.1R3-S5-EVO,
- 22.2-EVO before 22.2R3-S3-EVO,
- 22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO,
- 22.4-EVO before 22.4R3-EVO,
- 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.
{
"affected": [],
"aliases": [
"CVE-2024-39544"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-11T16:15:07Z",
"severity": "MODERATE"
},
"details": "An\u00a0Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information.\n\n\n\nOn all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows \n\na low-privileged user can access sensitive information compromising the confidentiality of the system.\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n\n * All versions before 20.4R3-S9-EVO,\u00a0\n * 21.2-EVO before 21.2R3-S7-EVO,\u00a0\n * 21.4-EVO before 21.4R3-S5-EVO,\u00a0\n * 22.1-EVO before 22.1R3-S5-EVO,\u00a0\n * 22.2-EVO before 22.2R3-S3-EVO,\u00a0\n * 22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO,\u00a0\n * 22.4-EVO before 22.4R3-EVO,\u00a0\n * 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.",
"id": "GHSA-mx2f-fx3v-gg7x",
"modified": "2024-10-11T18:32:49Z",
"published": "2024-10-11T18:32:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39544"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA88106"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-1
The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.