Improper Preservation of Permissions
ID: 281 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Base |
Description
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Applicable Platforms
Language Class: All
Time Of Introduction
- Architecture and Design
- Implementation
- Operation
Common Consequences
Scope | Technical Impact | Notes |
---|
Confidentiality, Integrity | Read application data; Modify application data | |
Detection Methods
None
Potential Mitigations
None
Relationships
Related CWE | Type | View | Chain |
---|
CWE-281 ChildOf CWE-899 | Category | CWE-888 | |
Demonstrative Examples
None
Observed Examples
- CVE-2002-2323 : Incorrect ACLs used when restoring backups from directories that use symbolic links.
- CVE-2001-1515 : Automatic modification of permissions inherited from another file system.
- CVE-2005-1920 : Permissions on backup file are created with defaults, possibly less secure than original file.
- CVE-2001-0195 : File is made world-readable when being cloned.
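The backup case above (a copy created with default permissions instead of the original's), shown next to a copy routine that preserves the source mode. This is an added illustration, not part of the CWE entry; the function names and the sample file are constructed, and it covers POSIX mode bits only, not ACLs or ownership.

```python
import os
import shutil
import stat
import tempfile


def backup_default_perms(src, dst):
    """Weak: copies bytes only, so dst gets the default mode (0666 & ~umask)."""
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        shutil.copyfileobj(fin, fout)


def backup_preserving_perms(src, dst):
    """Hardened: create dst as 0600, copy the data, then apply the source mode."""
    src_mode = stat.S_IMODE(os.stat(src).st_mode)
    # O_EXCL refuses a pre-existing dst; 0o600 keeps the copy private while it is written.
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fout, open(src, "rb") as fin:
        shutil.copyfileobj(fin, fout)
        os.fchmod(fout.fileno(), src_mode)


def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def widened_bits(src, dst):
    """Permission bits set on the copy that are not set on the original."""
    return mode_of(dst) & ~mode_of(src)


def demo():
    old_umask = os.umask(0o022)  # a common default umask
    try:
        with tempfile.TemporaryDirectory() as d:
            src = os.path.join(d, "secret.conf")
            with open(src, "w") as f:
                f.write("constructed sample secret\n")
            os.chmod(src, 0o600)
            weak, safe = os.path.join(d, "weak.bak"), os.path.join(d, "safe.bak")
            backup_default_perms(src, weak)
            backup_preserving_perms(src, safe)
            return mode_of(src), mode_of(weak), mode_of(safe), widened_bits(src, weak), widened_bits(src, safe)
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print([oct(m) for m in demo()])
```

A check like `widened_bits` can run after any copy or restore step to flag objects whose permissions came out broader than the original's.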
White Box Definitions
None
Black Box Definitions
None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|
PLOVER | | Permission preservation failure | |
References
None