Common Weakness Enumeration

CWE-279

Allowed

Incorrect Execution-Assigned Permissions

Abstraction: Variant · Status: Draft

While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.

49 vulnerabilities reference this CWE, most recent first.

GHSA-9HGQ-RRV7-J79J

Vulnerability from github – Published: 2026-03-04 18:31 – Updated: 2026-03-04 18:31
VLAI
Details

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files.

This vulnerability is due to improper access controls for Secure Copy Protocol (SCP) operations when the CiscoSSH stack is enabled. An attacker could exploit this vulnerability by authenticating to a non-admin context of the device and issuing crafted SCP copy commands in that non-admin context. A successful exploit could allow the attacker to read, create, or overwrite sensitive files that belong to another context, including the admin and system contexts. The attacker cannot directly impact the availability of services pertaining to other contexts. To exploit this vulnerability, the attacker must have valid administrative credentials for a non-admin context.

Note: An attacker cannot list or enumerate files from another context and would need to know the exact file path, which increases the complexity of a successful attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-279"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-04T18:16:20Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files.\n  \n This vulnerability is due to improper access controls for Secure Copy Protocol (SCP) operations when the CiscoSSH stack is enabled. An attacker could exploit this vulnerability by authenticating to a non-admin context of the device and issuing crafted SCP copy commands in that non-admin context. A successful exploit could allow the attacker to read, create, or overwrite sensitive files that belong to another context, including the admin and system contexts. The attacker cannot directly impact the availability of services pertaining to other contexts. To exploit this vulnerability, the attacker must have valid administrative credentials for a non-admin context.\n  \n Note: An attacker cannot list or enumerate files from another context and would need to know the exact file path, which increases the complexity of a successful attack.",
  "id": "GHSA-9hgq-rrv7-j79j",
  "modified": "2026-03-04T18:31:55Z",
  "published": "2026-03-04T18:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20062"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-scpcxt-filecpy-rgeP73nE"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9V86-J5RF-5XPX

Vulnerability from github – Published: 2023-08-16 21:31 – Updated: 2023-08-16 21:31
VLAI
Details

A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4383"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-279",
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-16T20:15:09Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-9v86-j5rf-5xpx",
  "modified": "2023-08-16T21:31:05Z",
  "published": "2023-08-16T21:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4383"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/dmknght/ac489cf3605ded09b3925521afee3003"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.237315"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.237315"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C62C-XC8V-3Q5X

Vulnerability from github – Published: 2024-11-13 21:30 – Updated: 2024-11-13 21:30
VLAI
Details

Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-37025"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-279"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-13T21:15:25Z",
    "severity": "MODERATE"
  },
  "details": "Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-c62c-xc8v-3q5x",
  "modified": "2024-11-13T21:30:38Z",
  "published": "2024-11-13T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37025"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01197.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CQCR-6GVH-8XMG

Vulnerability from github – Published: 2025-12-26 15:30 – Updated: 2025-12-26 15:30
VLAI
Details

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36228"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-279"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-26T15:15:46Z",
    "severity": "LOW"
  },
  "details": "IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse.",
  "id": "GHSA-cqcr-6gvh-8xmg",
  "modified": "2025-12-26T15:30:17Z",
  "published": "2025-12-26T15:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36228"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7255331"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F2HW-22W7-PG9W

Vulnerability from github – Published: 2025-07-17 18:31 – Updated: 2025-07-17 18:31
VLAI
Details

NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23263"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-279"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-17T18:15:24Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN.",
  "id": "GHSA-f2hw-22w7-pg9w",
  "modified": "2025-07-17T18:31:14Z",
  "published": "2025-07-17T18:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23263"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5654"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FGHC-C4MF-Q7P3

Vulnerability from github – Published: 2025-09-04 21:31 – Updated: 2025-09-04 21:31
VLAI
Details

In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-26422"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-279"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-04T18:15:40Z",
    "severity": "MODERATE"
  },
  "details": "In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-fghc-c4mf-q7p3",
  "modified": "2025-09-04T21:31:37Z",
  "published": "2025-09-04T21:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26422"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/frameworks/base/+/63ae789499395abc2b71fd46f57cac3c4ba1bd9d"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2025-05-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JGCR-FG3G-QVW8

Vulnerability from github – Published: 2021-05-10 15:18 – Updated: 2021-05-07 16:46
VLAI
Summary
Improper permission handling in Apache Solr
Details

When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.solr:solr-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-29262"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-279",
      "CWE-522"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-07T16:46:48Z",
    "nvd_published_at": "2021-04-13T07:15:00Z",
    "severity": "HIGH"
  },
  "details": "When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.",
  "id": "GHSA-jgcr-fg3g-qvw8",
  "modified": "2021-05-07T16:46:48Z",
  "published": "2021-05-10T15:18:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29262"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/SOLR-15249"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r1171f6417eeb6d5e1206d53e2b2ff2d6ee14026f8b595ef7d8a33b79@%3Coak-issues.jackrabbit.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r1e92a2eff6c47a65c4a6e95e809a9707181de76f8062403a0bea1012@%3Coak-issues.jackrabbit.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r51b29ff62060b67bc9999ded5e252b36b09311fe5a02d27f6de3e4d3@%3Coak-issues.jackrabbit.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r536da4c4e4e406f7843461cc754a3d0a3fe575aa576e2b71a9cd57d0%40%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r7151081abab92a827a607205c4260b0a3d22280b52d15bc909177608@%3Coak-issues.jackrabbit.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r8d35eeb9a470d2682b5bcf3be0b8942faa7e28f9ca5861c058d17fff@%3Coak-issues.jackrabbit.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9c4ce6903218c92ef2583070e64af5a69e483821c4b3016dc41e3c6f@%3Coak-issues.jackrabbit.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb6db683903174eaa44ec80cc118a38574319b0d4181f36b61ee6278f@%3Cdev.jackrabbit.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rbc680cbfd745f22d182158217428a296e8e398cde16f3f428fe4bddc@%3Coak-issues.jackrabbit.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd85f87e559ee27e9c69795e3ad93a77621895e0328ea3df41d711d72@%3Coak-commits.jackrabbit.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ref84e60192f4bdc3206b247f260513e8d4e71f3e200792f75386d07a@%3Cdev.jackrabbit.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210604-0009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper permission handling in Apache Solr"
}

GHSA-MXJH-5564-F256

Vulnerability from github – Published: 2026-03-27 06:31 – Updated: 2026-05-15 21:31
VLAI
Details

A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security configurations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-4948"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-279"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-27T06:16:39Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security configurations.",
  "id": "GHSA-mxjh-5564-f256",
  "modified": "2026-05-15T21:31:30Z",
  "published": "2026-03-27T06:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4948"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-4948"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452086"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00029.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PCG2-78C9-XJ3V

Vulnerability from github – Published: 2025-12-11 21:31 – Updated: 2025-12-11 21:31
VLAI
Details

Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13663"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-279"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-11T21:15:46Z",
    "severity": "MODERATE"
  },
  "details": "Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists.",
  "id": "GHSA-pcg2-78c9-xj3v",
  "modified": "2025-12-11T21:31:33Z",
  "published": "2025-12-11T21:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13663"
    },
    {
      "type": "WEB",
      "url": "https://www.altera.com/security/security-advisory/asa-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-PH64-GWHP-Q7M9

Vulnerability from github – Published: 2025-02-13 00:33 – Updated: 2025-02-13 00:33
VLAI
Details

Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39286"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-279"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-12T22:15:36Z",
    "severity": "LOW"
  },
  "details": "Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access.",
  "id": "GHSA-ph64-gwhp-q7m9",
  "modified": "2025-02-13T00:33:06Z",
  "published": "2025-02-13T00:33:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39286"
    },
    {
      "type": "WEB",
      "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01236.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-81: Web Server Logs Tampering

Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.