Common Weakness Enumeration

CWE-277

Allowed

Insecure Inherited Permissions

Abstraction: Variant · Status: Draft

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

116 vulnerabilities reference this CWE, most recent first.

GHSA-R9MC-9QW4-QM7R

Vulnerability from github – Published: 2023-03-21 15:30 – Updated: 2025-02-26 18:30
VLAI
Details

Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-27842"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-21T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent",
  "id": "GHSA-r9mc-9qw4-qm7r",
  "modified": "2025-02-26T18:30:36Z",
  "published": "2023-03-21T15:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27842"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tristao-marinho/CVE-2023-27842"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tristao-marinho/CVE-2023-27842/blob/main/README.md"
    },
    {
      "type": "WEB",
      "url": "http://blog.tristaomarinho.com/extplorer-2-1-15-insecure-permissions-following-remote-code-execution"
    },
    {
      "type": "WEB",
      "url": "http://extplorer.net"
    },
    {
      "type": "WEB",
      "url": "http://extplorer.net/attachments/download/99/eXtplorer_2.1.15.zip"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RPRH-6XCF-J66G

Vulnerability from github – Published: 2024-07-25 18:32 – Updated: 2024-08-01 15:32
VLAI
Details

Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36542"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277",
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-25T17:15:10Z",
    "severity": "HIGH"
  },
  "details": "Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account\u0027s token.",
  "id": "GHSA-rprh-6xcf-j66g",
  "modified": "2024-08-01T15:32:10Z",
  "published": "2024-07-25T18:32:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36542"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/HouqiyuA/e1685843b6f42b47dbf97e2e92e63428"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RRF3-MGV7-CW6M

Vulnerability from github – Published: 2026-05-08 00:31 – Updated: 2026-07-14 12:31
VLAI
Details

The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights are explicitly configured on that role. Anonymous users are required to make a Mendix Entity available publicly. All versions of Mendix Studio Pro up to 11.8.0 Beta silently make an Anonymous user role follow user inheritance rules, without mentioning this explicitly in the documentation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-7891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-07T22:16:37Z",
    "severity": "CRITICAL"
  },
  "details": "The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights are explicitly configured on that role. Anonymous users are required to make a Mendix Entity available publicly. All versions of Mendix Studio Pro up to 11.8.0 Beta silently make an Anonymous user role follow user inheritance rules, without mentioning this explicitly in the documentation.",
  "id": "GHSA-rrf3-mgv7-cw6m",
  "modified": "2026-07-14T12:31:12Z",
  "published": "2026-05-08T00:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7891"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-814963.html"
    },
    {
      "type": "WEB",
      "url": "https://csirt.divd.nl/DIVD-2026-00006"
    },
    {
      "type": "WEB",
      "url": "https://www.divd.nl/mendix.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-RRG9-XRW3-H9VV

Vulnerability from github – Published: 2022-05-24 22:01 – Updated: 2024-04-04 03:07
VLAI
Details

An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-5068"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277",
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-05T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.",
  "id": "GHSA-rrg9-xrw3-h9vv",
  "modified": "2024-04-04T03:07:21Z",
  "published": "2022-05-24T22:01:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5068"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4271-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V72Q-PR3V-F552

Vulnerability from github – Published: 2024-03-08 03:31 – Updated: 2026-04-02 21:31
VLAI
Details

This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-08T02:15:47Z",
    "severity": "HIGH"
  },
  "details": "This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.",
  "id": "GHSA-v72q-pr3v-f552",
  "modified": "2026-04-02T21:31:36Z",
  "published": "2024-03-08T03:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23233"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120895"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214084"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214084"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VQMP-P2V4-JVVQ

Vulnerability from github – Published: 2025-07-12 12:30 – Updated: 2025-07-12 12:30
VLAI
Details

IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36104"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277",
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-12T12:15:25Z",
    "severity": "MODERATE"
  },
  "details": "IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol.",
  "id": "GHSA-vqmp-p2v4-jvvq",
  "modified": "2025-07-12T12:30:20Z",
  "published": "2025-07-12T12:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36104"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7239562"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VXPV-JC8R-M85P

Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2023-11-14 21:31
VLAI
Details

Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-34314"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277",
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-14T19:15:27Z",
    "severity": "MODERATE"
  },
  "details": "Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-vxpv-jc8r-m85p",
  "modified": "2023-11-14T21:31:02Z",
  "published": "2023-11-14T21:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34314"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00943.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VXX5-P9C9-297V

Vulnerability from github – Published: 2024-07-22 21:30 – Updated: 2025-02-06 21:32
VLAI
Details

Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.4 and earlier allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-34329"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277",
      "CWE-378"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-22T20:15:03Z",
    "severity": "HIGH"
  },
  "details": "Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.4 and earlier allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload.",
  "id": "GHSA-vxx5-p9c9-297v",
  "modified": "2025-02-06T21:32:09Z",
  "published": "2024-07-22T21:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34329"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pamoutaf/CVE-2024-34329/blob/main/README.md"
    },
    {
      "type": "WEB",
      "url": "https://www.entrust.com/ja/contact/services/downloads/drivers"
    },
    {
      "type": "WEB",
      "url": "https://www.entrust.com/sites/default/files/documentation/productsupport/entrust-security-bulletin-e24-004.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.entrust.com/support/instant-id-card-issuance-systems/ds3-direct-to-card-printer-support"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WM64-883P-84J3

Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2024-07-28 15:31
VLAI
Details

An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14335"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276",
      "CWE-277",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-24T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.",
  "id": "GHSA-wm64-883p-84j3",
  "modified": "2024-07-28T15:31:28Z",
  "published": "2022-05-13T01:19:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14335"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0727"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e@%3Cuser.ignite.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240726-0003"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45105"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WM7X-WW72-R77Q

Vulnerability from github – Published: 2025-08-14 18:30 – Updated: 2025-08-14 19:37
VLAI
Summary
Information Disclosure in Amazon ECS Container Agent
Details

Summary Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. Amazon ECS container agent provides an introspection API that provides information about the overall state of the Amazon ECS agent and the container instances.

We identified CVE-2025-9039, an issue in the Amazon ECS agent.

Impact Under certain conditions, this issue could allow an introspection server to be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is hosted. This issue does not affect instances where the option to allow off-host access to the introspection server is set to 'false'.

Impacted versions: version 0.0.3 through 1.97.0

Patches This issue has been addressed in ECS agent version 1.97.1. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.

Workarounds Customers who cannot update to the latest AMI can modify the Amazon EC2 security groups to restrict incoming access to the introspection server port (51678).

References If you have any questions or comments about this advisory, we ask that you contact AWS Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.97.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/aws/amazon-ecs-agent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.3"
            },
            {
              "fixed": "1.97.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-9039"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-277"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-14T18:30:08Z",
    "nvd_published_at": "2025-08-14T17:15:42Z",
    "severity": "MODERATE"
  },
  "details": "**Summary**\n[Amazon Elastic Container Service (Amazon ECS)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. Amazon ECS container agent provides an [introspection API](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/introspection-diag.html) that provides information about the overall state of the Amazon ECS agent and the container instances. \n\nWe identified CVE-2025-9039, an issue in the Amazon ECS agent.\n\n**Impact**\nUnder certain conditions, this issue could allow an introspection server to be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is hosted. This issue does not affect instances where the option to allow off-host access to the introspection server is set to \u0027false\u0027. \n\nImpacted versions: version 0.0.3 through 1.97.0\n\n**Patches**\nThis issue has been addressed in ECS agent version 1.97.1. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes. \n\n**Workarounds**\nCustomers who cannot update to the latest AMI can modify the Amazon EC2 security groups to restrict incoming access to the introspection server port (51678). \n\n**References**\nIf you have any questions or comments about this advisory, we ask that you contact AWS Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.",
  "id": "GHSA-wm7x-ww72-r77q",
  "modified": "2025-08-14T19:37:34Z",
  "published": "2025-08-14T18:30:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/aws/amazon-ecs-agent/security/advisories/GHSA-wm7x-ww72-r77q"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9039"
    },
    {
      "type": "WEB",
      "url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-018"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/aws/amazon-ecs-agent"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aws/amazon-ecs-agent/releases/tag/v1.97.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Information Disclosure in Amazon ECS Container Agent"
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.

No CAPEC attack patterns related to this CWE.