Improper Preservation of Permissions

ID: 281
Date: (C)2012-05-14   (M)2022-10-10
Type: weakness
Status: DRAFT
Abstraction Type: Base





Description

The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design
  • Implementation
  • Operation

Common Consequences

Scope | Technical Impact | Notes
Confidentiality, Integrity | Read application data, Modify application data |

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE | Type | View | Chain
CWE-281 ChildOf CWE-899 | Category | CWE-888 |

Demonstrative Examples
None

Observed Examples

  1. CVE-2002-2323 : Incorrect ACLs used when restoring backups from directories that use symbolic links.
  2. CVE-2001-1515 : Automatic modification of permissions inherited from another file system.
  3. CVE-2005-1920 : Permissions on backup file are created with defaults, possibly less secure than original file.
  4. CVE-2001-0195 : File is made world-readable when being cloned.

For more examples, refer to CVE relations in the bottom box.
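
An added example (not part of the CWE entry or of any product listed above) of the pattern described for CVE-2005-1920: a backup created with default permissions next to one that carries over the source file's mode. The file and function names are constructed, and it covers POSIX mode bits only, not ownership or ACLs.

```python
import os
import shutil
import stat
import tempfile


def mode_of(path):
    """Return only the permission bits of path (e.g. 0o600)."""
    return stat.S_IMODE(os.stat(path).st_mode)


def backup_default_perms(src, dst):
    """Weak form: copies the bytes only; dst gets 0o666 masked by the umask."""
    shutil.copyfile(src, dst)


def backup_preserving_perms(src, dst):
    """Hardened form: dst starts owner-only and ends with the source's mode."""
    with open(src, "rb") as fin:
        src_mode = stat.S_IMODE(os.fstat(fin.fileno()).st_mode)
        # Create owner-only and refuse to reuse an existing file or symlink.
        fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fout:
            shutil.copyfileobj(fin, fout)
            fout.flush()
            # Apply the source mode to the open descriptor, not to a path.
            os.fchmod(fout.fileno(), src_mode)


def demo():
    """Back up a constructed 0o600 file both ways; return the two modes."""
    old_umask = os.umask(0o022)  # a common default, set so the demo is repeatable
    try:
        with tempfile.TemporaryDirectory() as d:
            src = os.path.join(d, "secret.conf")  # constructed sample file
            with open(src, "w") as f:
                f.write("api_key=constructed-sample\n")
            os.chmod(src, 0o600)
            weak, safe = os.path.join(d, "weak.bak"), os.path.join(d, "safe.bak")
            backup_default_perms(src, weak)
            backup_preserving_perms(src, safe)
            return mode_of(weak), mode_of(safe)
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    weak, safe = demo()
    print(f"copyfile backup: {oct(weak)}  preserving backup: {oct(safe)}")
```

Creating the destination with a restrictive mode before writing matters because helpers that copy the mode after the data (such as `shutil.copy`) leave the new file at umask-default permissions while the contents are being written.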

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy | Id | Name | Fit
PLOVER | | Permission preservation failure |

References:
None

CVE    98
CVE-2013-6335
CVE-2021-0074
CVE-2021-0077
CVE-2021-0542
...

© SecPod Technologies