Common Weakness Enumeration

CWE-276

Allowed

Incorrect Default Permissions

Abstraction: Base · Status: Draft

During installation, installed file permissions are set to allow anyone to modify those files.

2034 vulnerabilities reference this CWE, most recent first.

GHSA-WR54-8XF4-92P3

Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53
VLAI
Details

An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7535"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-13T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product\u0027s files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product.",
  "id": "GHSA-wr54-8xf4-92p3",
  "modified": "2022-05-13T01:53:23Z",
  "published": "2022-05-13T01:53:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7535"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2018/Jul/54"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WRFQ-HRW9-9RM3

Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35
VLAI
Details

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-11867"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-30T22:15:00Z",
    "severity": "LOW"
  },
  "details": "Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.",
  "id": "GHSA-wrfq-hrw9-9rm3",
  "modified": "2022-05-24T17:35:05Z",
  "published": "2022-05-24T17:35:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11867"
    },
    {
      "type": "WEB",
      "url": "https://github.com/audacity/audacity/releases"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MG5PSF4CJ7UPMJHWX553EG3P2XN3PAYI"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKK3S2QBXBHOFOQMXMGY5QAKVUWUX2YY"
    },
    {
      "type": "WEB",
      "url": "https://salvatoresecurity.com/the-many-perils-of-tmp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WRFV-Q4V6-CW3X

Vulnerability from github – Published: 2024-08-07 09:31 – Updated: 2024-10-11 15:30
VLAI
Details

CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that affects Apache CloudStack versions 4.10.0 up to 4.19.1.0, domain admin accounts were found to be able to query all registered account-users API and secret keys in an environment, including that of a root admin. An attacker who has domain admin access can exploit this to gain root admin and other-account privileges and perform malicious operations that can result in compromise of resources integrity and confidentiality, data loss, denial of service and availability of CloudStack managed infrastructure.

Users are recommended to upgrade to Apache CloudStack 4.18.2.3 or 4.19.1.1, or later, which addresses this issue. Additionally, all account-user API and secret keys should be regenerated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-276",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-07T08:16:12Z",
    "severity": "HIGH"
  },
  "details": "CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can\u00a0generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations.\u00a0Due to an access permission validation issue that affects Apache CloudStack versions 4.10.0 up to 4.19.1.0, domain admin accounts were found to be able to query all registered account-users API and secret keys in an environment, including that of a root admin.\u00a0An attacker who has domain admin access can exploit this to gain root admin and other-account privileges and perform malicious operations that can result in compromise of resources integrity and confidentiality, data loss,\u00a0denial of service\u00a0and availability of CloudStack managed infrastructure.\n\nUsers are recommended to upgrade to Apache CloudStack 4.18.2.3 or 4.19.1.1, or later, which addresses this issue.\u00a0Additionally, all account-user API and secret keys should be regenerated.",
  "id": "GHSA-wrfv-q4v6-cw3x",
  "modified": "2024-10-11T15:30:32Z",
  "published": "2024-08-07T09:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42062"
    },
    {
      "type": "WEB",
      "url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.1.1-4.18.2.3"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/lxqtfd6407prbw3801hb4fz3ot3t8wlj"
    },
    {
      "type": "WEB",
      "url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-3-and-4-19-1-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WRG8-R7Q6-V974

Vulnerability from github – Published: 2025-07-31 00:31 – Updated: 2025-08-05 21:31
VLAI
Details

CVE-2025-49084 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access can overwrite policy rules without the requisite permissions. The attack complexity is low, attack requirements are present, privileges required are high and no user interaction is required. There is no impact to confidentiality, the impact to integrity is low, and there is no impact to availability. The impact to confidentiality and availability of subsequent systems is high and the impact to the integrity of subsequent systems is low.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-31T00:15:27Z",
    "severity": "MODERATE"
  },
  "details": "CVE-2025-49084 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess can overwrite policy rules without the requisite permissions. The attack\ncomplexity is low, attack requirements are present, privileges required are\nhigh and no user interaction is required. There is no impact to\nconfidentiality, the impact to integrity is low, and there is no impact to\navailability. The impact to confidentiality and availability of subsequent systems\nis high and the impact to the integrity of subsequent systems is low.",
  "id": "GHSA-wrg8-r7q6-v974",
  "modified": "2025-08-05T21:31:26Z",
  "published": "2025-07-31T00:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49084"
    },
    {
      "type": "WEB",
      "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49084"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-WRGM-P49W-3HH3

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17
VLAI
Details

ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42055"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-18T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.",
  "id": "GHSA-wrgm-p49w-3hh3",
  "modified": "2022-05-24T19:17:45Z",
  "published": "2022-05-24T19:17:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42055"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WRJQ-FHGM-M346

Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2022-05-24 17:33
VLAI
Details

SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissions are set in its installation folder which allows anyone to modify the files in the folder.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-26807"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-10T17:15:00Z",
    "severity": "LOW"
  },
  "details": "SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissions are set in its installation folder which allows anyone to modify the files in the folder.",
  "id": "GHSA-wrjq-fhgm-m346",
  "modified": "2022-05-24T17:33:59Z",
  "published": "2022-05-24T17:33:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26807"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/2971112"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WRXF-X8RM-6GGG

Vulnerability from github – Published: 2023-04-04 15:30 – Updated: 2025-06-23 14:22
VLAI
Summary
Fluent Fluentd and Fluent-ui use default password
Details

An issue was discovered in Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "fluentd-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-21514"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-11T18:59:49Z",
    "nvd_published_at": "2023-04-04T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password.",
  "id": "GHSA-wrxf-x8rm-6ggg",
  "modified": "2025-06-23T14:22:27Z",
  "published": "2023-04-04T15:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21514"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fluent/fluentd-ui/issues/295"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fluent/fluentd/issues/2722"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/fluent/fluentd-ui"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fluentd-ui/CVE-2020-21514.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Fluent Fluentd and Fluent-ui use default password"
}

GHSA-WVRJ-CR9G-752F

Vulnerability from github – Published: 2026-04-10 03:31 – Updated: 2026-04-10 03:31
VLAI
Details

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability

This issue affects MagicINFO 9 Server: less than 21.1091.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-25203"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-10T02:16:02Z",
    "severity": "HIGH"
  },
  "details": "Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability\n\n\nThis issue affects MagicINFO 9 Server: less than 21.1091.1.",
  "id": "GHSA-wvrj-cr9g-752f",
  "modified": "2026-04-10T03:31:10Z",
  "published": "2026-04-10T03:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25203"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungtv.com/securityUpdates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WWC4-3PRX-5752

Vulnerability from github – Published: 2023-12-12 00:30 – Updated: 2023-12-14 18:30
VLAI
Details

An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3187"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-11T23:15:07Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)",
  "id": "GHSA-wwc4-3prx-5752",
  "modified": "2023-12-14T18:30:19Z",
  "published": "2023-12-12T00:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3187"
    },
    {
      "type": "WEB",
      "url": "https://www.beyondtrust.com/docs/release-notes/privilege-management/index.htm"
    },
    {
      "type": "WEB",
      "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-06"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WWCH-CMQR-HHRM

Vulnerability from github – Published: 2022-08-24 00:00 – Updated: 2024-11-26 16:10
VLAI
Summary
ansible-runner has default temporary files written to world R/W locations
Details

A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ansible-runner"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-3701"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-01T22:18:53Z",
    "nvd_published_at": "2022-08-23T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity.",
  "id": "GHSA-wwch-cmqr-hhrm",
  "modified": "2024-11-26T16:10:02Z",
  "published": "2022-08-24T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3701"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible/ansible-runner/issues/738"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible/ansible-runner/pull/742"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ansible/ansible-runner/pull/742/commits"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2021-3701"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977959"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ansible/ansible-runner"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible-runner/PYSEC-2022-43067.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "ansible-runner has default temporary files written to world R/W locations"
}

Mitigation MIT-1
Architecture and Design Operation

The architecture needs to access and modification attributes for files to only those users who actually require those actions.

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-81: Web Server Logs Tampering

Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.