CWE-281
AllowedImproper Preservation of Permissions
Abstraction: Base · Status: Draft
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
432 vulnerabilities reference this CWE, most recent first.
GHSA-3PQH-P72C-FJ85
Vulnerability from github – Published: 2021-11-19 19:34 – Updated: 2025-01-29 16:56Impact
When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root (https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation.
For more information
If you have any questions or comments about this advisory email us at security@cloudflare.com
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cloudflare/cfrpki"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-3978"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-281"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-19T13:10:27Z",
"nvd_published_at": "2025-01-29T10:15:07Z",
"severity": "HIGH"
},
"details": "### Impact\n\nWhen copying files with rsync, octorpki uses the \"-a\" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root (https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation. \n\n## For more information\n\nIf you have any questions or comments about this advisory email us at security@cloudflare.com",
"id": "GHSA-3pqh-p72c-fj85",
"modified": "2025-01-29T16:56:35Z",
"published": "2021-11-19T19:34:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3pqh-p72c-fj85"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3978"
},
{
"type": "PACKAGE",
"url": "https://github.com/cloudflare/cfrpki"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki"
}
GHSA-3Q77-F5CM-VR2M
Vulnerability from github – Published: 2024-12-19 00:37 – Updated: 2024-12-31 21:30Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user credentials.
{
"affected": [],
"aliases": [
"CVE-2024-37649"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-18T23:15:07Z",
"severity": "MODERATE"
},
"details": "Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user credentials.",
"id": "GHSA-3q77-f5cm-vr2m",
"modified": "2024-12-31T21:30:45Z",
"published": "2024-12-19T00:37:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37649"
},
{
"type": "WEB",
"url": "https://github.com/kklzzcun/SecureSTATION-/blob/main/The%20SecureSTATION%20.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3Q7X-Q7FM-WHRM
Vulnerability from github – Published: 2025-02-27 18:31 – Updated: 2025-02-27 18:31An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually recommended and is uncommonly used, so this issue will only affect users who do set it. This issue is fixed in release 0.73.4.
{
"affected": [],
"aliases": [
"CVE-2025-0914"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-27T16:15:38Z",
"severity": "LOW"
},
"details": "An improper access control issue in the VQL shell feature in Velociraptor Versions \u003c 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually recommended and is uncommonly used, so this issue will only affect users who do set it. This issue is fixed in release 0.73.4.",
"id": "GHSA-3q7x-q7fm-whrm",
"modified": "2025-02-27T18:31:12Z",
"published": "2025-02-27T18:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0914"
},
{
"type": "WEB",
"url": "https://docs.velociraptor.app/announcements/advisories/cve-2025-0914"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3QC3-MX6X-267H
Vulnerability from github – Published: 2025-01-20 15:31 – Updated: 2025-01-21 20:03WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/writefreely/writefreely"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.15.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-24337"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-21T20:03:18Z",
"nvd_published_at": "2025-01-20T14:15:27Z",
"severity": "HIGH"
},
"details": "WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.",
"id": "GHSA-3qc3-mx6x-267h",
"modified": "2025-01-21T20:03:18Z",
"published": "2025-01-20T15:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24337"
},
{
"type": "PACKAGE",
"url": "https://github.com/writefreely/writefreely"
},
{
"type": "WEB",
"url": "https://github.com/writefreely/writefreely/releases/tag/v0.15.1"
},
{
"type": "WEB",
"url": "https://raphus.social/@TV4Fun/113846757112643161"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2025/01/18/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Insecure default config access in WriteFreely"
}
GHSA-3QPV-49M3-3H75
Vulnerability from github – Published: 2022-11-19 00:30 – Updated: 2022-11-28 21:30NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
{
"affected": [],
"aliases": [
"CVE-2022-31608"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-19T00:15:00Z",
"severity": "HIGH"
},
"details": "NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.",
"id": "GHSA-3qpv-49m3-3h75",
"modified": "2022-11-28T21:30:22Z",
"published": "2022-11-19T00:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31608"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202310-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-432V-2WP5-HHR2
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability".
{
"affected": [],
"aliases": [
"CVE-2017-8467"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-11T21:29:00Z",
"severity": "HIGH"
},
"details": "Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka \"Win32k Elevation of Privilege Vulnerability\".",
"id": "GHSA-432v-2wp5-hhr2",
"modified": "2022-05-13T01:47:33Z",
"published": "2022-05-13T01:47:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8467"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8467"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99409"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038853"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-436G-2F92-CVHH
Vulnerability from github – Published: 2023-04-02 21:30 – Updated: 2025-02-25 21:42Permissions in Jenkins can be enabled and disabled. Some permissions are disabled by default, e.g., Overall/Manage or Item/Extended Read. Disabled permissions cannot be granted directly, only through greater permissions that imply them (e.g., Overall/Administer or Item/Configure).
Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they’ve been disabled.
This allows attackers to have greater access than they’re entitled to after the following operations took place:
A permission is granted to attackers directly or through groups.
The permission is disabled, e.g., through the script console.
Role-based Authorization Strategy Plugin 587.588.v850a_20a_30162 does not grant disabled permissions.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c 587.588.v850a"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:role-strategy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "587.588.v850a_20a_30162"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-28668"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-03T22:55:17Z",
"nvd_published_at": "2023-04-02T21:15:00Z",
"severity": "MODERATE"
},
"details": "Permissions in Jenkins can be enabled and disabled. Some permissions are disabled by default, e.g., Overall/Manage or Item/Extended Read. Disabled permissions cannot be granted directly, only through greater permissions that imply them (e.g., Overall/Administer or Item/Configure).\n\nRole-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they\u2019ve been disabled.\n\nThis allows attackers to have greater access than they\u2019re entitled to after the following operations took place:\n\nA permission is granted to attackers directly or through groups.\n\nThe permission is disabled, e.g., through the script console.\n\nRole-based Authorization Strategy Plugin 587.588.v850a_20a_30162 does not grant disabled permissions.",
"id": "GHSA-436g-2f92-cvhh",
"modified": "2025-02-25T21:42:00Z",
"published": "2023-04-02T21:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28668"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/role-strategy-plugin/commit/850a20a3016276d0c0ba4898a876c113a9191da4"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2023-03-21/#SECURITY-3053"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins Role-based Authorization Strategy Plugin grants permissions even after they\u2019ve been disabled"
}
GHSA-43HX-X24H-XVHJ
Vulnerability from github – Published: 2025-06-08 12:30 – Updated: 2025-06-08 12:30in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
{
"affected": [],
"aliases": [
"CVE-2025-26691"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-08T12:15:22Z",
"severity": "MODERATE"
},
"details": "in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.",
"id": "GHSA-43hx-x24h-xvhj",
"modified": "2025-06-08T12:30:33Z",
"published": "2025-06-08T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26691"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-45GG-VH54-H5M9
Vulnerability from github – Published: 2026-06-25 22:14 – Updated: 2026-07-10 12:31When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "golang.org/x/crypto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.52.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-39828"
],
"database_specific": {
"cwe_ids": [
"CWE-281",
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-25T22:14:38Z",
"nvd_published_at": "2026-05-22T04:16:22Z",
"severity": "MODERATE"
},
"details": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"id": "GHSA-45gg-vh54-h5m9",
"modified": "2026-07-10T12:31:34Z",
"published": "2026-06-25T22:14:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39828.json"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2026-5014"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"type": "WEB",
"url": "https://go.dev/issue/79562"
},
{
"type": "WEB",
"url": "https://go.dev/cl/781621"
},
{
"type": "PACKAGE",
"url": "https://cs.opensource.google/go/x/crypto"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480687"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37387"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37296"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37286"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37278"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37271"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37268"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36796"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36651"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36648"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36625"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36319"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36207"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36167"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36105"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26547"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26546"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "golang.org/x/crypto vulnerable to invoking bypass of certificate restrictions"
}
GHSA-45QM-3P86-7499
Vulnerability from github – Published: 2025-02-14 18:30 – Updated: 2025-02-28 18:30Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component.
{
"affected": [],
"aliases": [
"CVE-2024-56973"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-14T16:15:34Z",
"severity": "CRITICAL"
},
"details": "Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component.",
"id": "GHSA-45qm-3p86-7499",
"modified": "2025-02-28T18:30:58Z",
"published": "2025-02-14T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56973"
},
{
"type": "WEB",
"url": "https://gist.github.com/VAMorales/1092a29ac7d0b4b80d5c853b9a22a65d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.