Common Weakness Enumeration

CWE-281

Allowed

Improper Preservation of Permissions

Abstraction: Base · Status: Draft

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

432 vulnerabilities reference this CWE, most recent first.

GHSA-MJ5V-92GQ-PG5Q

Vulnerability from github – Published: 2025-06-08 12:30 – Updated: 2025-06-08 12:30
VLAI
Details

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-26693"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-08T12:15:22Z",
    "severity": "LOW"
  },
  "details": "in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.",
  "id": "GHSA-mj5v-92gq-pg5q",
  "modified": "2025-06-08T12:30:33Z",
  "published": "2025-06-08T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26693"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MMH3-P6QG-XHW2

Vulnerability from github – Published: 2024-08-12 15:30 – Updated: 2024-08-12 15:30
VLAI
Details

A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22121"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-12T13:38:16Z",
    "severity": "MODERATE"
  },
  "details": "A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.",
  "id": "GHSA-mmh3-p6qg-xhw2",
  "modified": "2024-08-12T15:30:49Z",
  "published": "2024-08-12T15:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22121"
    },
    {
      "type": "WEB",
      "url": "https://support.zabbix.com/browse/ZBX-25011"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MPGW-PWQR-Q9JP

Vulnerability from github – Published: 2021-12-08 00:01 – Updated: 2022-05-04 00:00
VLAI
Details

World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-44512"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281",
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-07T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.",
  "id": "GHSA-mpgw-pwqr-q9jp",
  "modified": "2022-05-04T00:00:57Z",
  "published": "2021-12-08T00:01:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44512"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2021/12/06/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQMR-QQ67-C6HJ

Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04
VLAI
Details

Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the "Authenticated Users Group" which grants the (F) Flag aka "Full Control"

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27383"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-09T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an \"Authenticated User\" to modify the existing executable file with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the \"Authenticated Users Group\" which grants the (F) Flag aka \"Full Control\"",
  "id": "GHSA-mqmr-qq67-c6hj",
  "modified": "2022-05-24T19:04:28Z",
  "published": "2022-05-24T19:04:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27383"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FreySolarEye/CVE/blob/master/Battle%20Net%20Launcher%20Local%20Privilege%20Escalation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MV55-23XP-3WP8

Vulnerability from github – Published: 2021-06-08 20:09 – Updated: 2021-06-15 19:56
VLAI
Summary
Access control flaw in Kiali
Details

An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kiali/kiali"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.33.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-3495"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-02T20:54:29Z",
    "nvd_published_at": "2021-06-01T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
  "id": "GHSA-mv55-23xp-3wp8",
  "modified": "2021-06-15T19:56:20Z",
  "published": "2021-06-08T20:09:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3495"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kiali/kiali-operator/pull/278"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947361"
    },
    {
      "type": "WEB",
      "url": "https://kiali.io/news/security-bulletins/kiali-security-003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Access control flaw in Kiali"
}

GHSA-MV64-86G8-CQQ7

Vulnerability from github – Published: 2024-04-25 18:30 – Updated: 2024-04-25 23:34
VLAI
Summary
Quarkus: security checks in resteasy reactive may trigger a denial of service
Details

A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.quarkus.resteasy.reactive:resteasy-reactive"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.8.0.CR1"
            },
            {
              "fixed": "3.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.8.0.CR1"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.quarkus.resteasy.reactive:resteasy-reactive"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.3.0.CR1"
            },
            {
              "fixed": "3.7.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.quarkus.resteasy.reactive:resteasy-reactive"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.11.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-1726"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-25T23:34:44Z",
    "nvd_published_at": "2024-04-25T17:15:48Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.",
  "id": "GHSA-mv64-86g8-cqq7",
  "modified": "2024-04-25T23:34:44Z",
  "published": "2024-04-25T18:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1726"
    },
    {
      "type": "WEB",
      "url": "https://github.com/quarkusio/quarkus/commit/34c1a63baf5401d0d578a23a1a4deb4b841ce65b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/quarkusio/quarkus/commit/96d93427f3b4a7d3cff34d8b7b883e13cecd359c"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1662"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-1726"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265158"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/quarkusio/quarkus"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Quarkus: security checks in resteasy reactive may trigger a denial of service"
}

GHSA-MVFF-H3CJ-WJ9C

Vulnerability from github – Published: 2022-01-06 17:36 – Updated: 2022-04-04 20:40
VLAI
Summary
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux
Details

Impact

Containers launched through containerd’s CRI implementation on Linux systems which use the SELinux security module and containerd versions since v1.5.0 can cause arbitrary files and directories on the host to be relabeled to match the container process label through the use of specially-configured bind mounts in a hostPath volume. This relabeling elevates permissions for the container, granting full read/write access over the affected files and directories. Kubernetes and crictl can both be configured to use containerd’s CRI implementation.

If you are not using containerd’s CRI implementation (through one of the mechanisms described above), you are not affected by this issue.

Patches

This bug has been fixed in containerd 1.5.9. Because file labels persist independently of containerd, users should both update to these versions as soon as they are released and validate that all files on their host are correctly labeled.

Workarounds

Ensure that no sensitive files or directories are used as a hostPath volume source location. Policy enforcement mechanisms such a Kubernetes Pod Security Policy AllowedHostPaths may be specified to limit the files and directories that can be bind-mounted to containers.

For more information

If you have any questions or comments about this advisory:

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containerd/containerd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.5.0"
            },
            {
              "fixed": "1.5.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-43816"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-05T21:09:16Z",
    "nvd_published_at": "2022-01-05T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nContainers launched through containerd\u2019s CRI implementation on Linux systems which use the SELinux security module and containerd versions since v1.5.0 can cause arbitrary files and directories on the host to be relabeled to match the container process label through the use of specially-configured bind mounts in a hostPath volume. This relabeling elevates permissions for the container, granting full read/write access over the affected files and directories. Kubernetes and crictl can both be configured to use containerd\u2019s CRI implementation.\n\nIf you are not using containerd\u2019s CRI implementation (through one of the mechanisms described above), you are not affected by this issue.\n\n### Patches\n\nThis bug has been fixed in containerd 1.5.9.  Because file labels persist independently of containerd, users should both update to these versions as soon as they are released and validate that all files on their host are correctly labeled.\n\n### Workarounds\n\nEnsure that no sensitive files or directories are used as a hostPath volume source location.  Policy enforcement mechanisms such a Kubernetes Pod Security Policy [AllowedHostPaths](https://kubernetes.io/docs/concepts/policy/pod-security-policy/#volumes-and-file-systems) may be specified to limit the files and directories that can be bind-mounted to containers.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)",
  "id": "GHSA-mvff-h3cj-wj9c",
  "modified": "2022-04-04T20:40:33Z",
  "published": "2022-01-06T17:36:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43816"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containerd/containerd/issues/6194"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containerd/containerd/commit/a731039238c62be081eb8c31525b988415745eea"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dweomer/containerd/commit/f7f08f0e34fb97392b0d382e58916d6865100299"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/containerd/containerd"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPDIZMI7ZPERSZE2XO265UCK5IWM7CID"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux"
}

GHSA-MWFM-4FRV-J42H

Vulnerability from github – Published: 2022-08-18 00:00 – Updated: 2022-08-19 00:00
VLAI
Details

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31262"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-17T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.",
  "id": "GHSA-mwfm-4frv-j42h",
  "modified": "2022-08-19T00:00:19Z",
  "published": "2022-08-18T00:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31262"
    },
    {
      "type": "WEB",
      "url": "https://github.com/secure-77/CVE-2022-31262"
    },
    {
      "type": "WEB",
      "url": "https://secure77.de/category/subjects/researches"
    },
    {
      "type": "WEB",
      "url": "https://secure77.de/gog-galaxy-cve-2022-31262"
    },
    {
      "type": "WEB",
      "url": "https://www.youtube.com/watch?v=Bgdbx5TJShI"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MX8H-PMQV-8C67

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14
VLAI
Details

The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-6335"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-08-26T10:55:00Z",
    "severity": "LOW"
  },
  "details": "The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.",
  "id": "GHSA-mx8h-pmqv-8c67",
  "modified": "2022-05-13T01:14:00Z",
  "published": "2022-05-13T01:14:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6335"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89054"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60482"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680453"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MXCM-W7FM-9QR2

Vulnerability from github – Published: 2024-04-09 21:32 – Updated: 2024-11-04 18:31
VLAI
Details

Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3545"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-09T19:15:41Z",
    "severity": "MODERATE"
  },
  "details": "Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.\n\n",
  "id": "GHSA-mxcm-w7fm-9qr2",
  "modified": "2024-11-04T18:31:17Z",
  "published": "2024-04-09T21:32:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3545"
    },
    {
      "type": "WEB",
      "url": "https://devolutions.net/security/advisories/DEVO-2024-0006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.