Common Weakness Enumeration

CWE-281

Allowed

Improper Preservation of Permissions

Abstraction: Base · Status: Draft

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

432 vulnerabilities reference this CWE, most recent first.

GHSA-3PQH-P72C-FJ85

Vulnerability from github – Published: 2021-11-19 19:34 – Updated: 2025-01-29 16:56
VLAI
Summary
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
Details

Impact

When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root (https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation.

For more information

If you have any questions or comments about this advisory email us at security@cloudflare.com

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cloudflare/cfrpki"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-3978"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-281"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-19T13:10:27Z",
    "nvd_published_at": "2025-01-29T10:15:07Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nWhen copying files with rsync, octorpki uses the \"-a\" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root (https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation.  \n\n## For more information\n\nIf you have any questions or comments about this advisory email us at security@cloudflare.com",
  "id": "GHSA-3pqh-p72c-fj85",
  "modified": "2025-01-29T16:56:35Z",
  "published": "2021-11-19T19:34:26Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3pqh-p72c-fj85"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3978"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cloudflare/cfrpki"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki"
}

GHSA-3Q77-F5CM-VR2M

Vulnerability from github – Published: 2024-12-19 00:37 – Updated: 2024-12-31 21:30
VLAI
Details

Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-37649"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-18T23:15:07Z",
    "severity": "MODERATE"
  },
  "details": "Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user credentials.",
  "id": "GHSA-3q77-f5cm-vr2m",
  "modified": "2024-12-31T21:30:45Z",
  "published": "2024-12-19T00:37:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37649"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kklzzcun/SecureSTATION-/blob/main/The%20SecureSTATION%20.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3Q7X-Q7FM-WHRM

Vulnerability from github – Published: 2025-02-27 18:31 – Updated: 2025-02-27 18:31
VLAI
Details

An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually recommended and is uncommonly used, so this issue will only affect users who do set it. This issue is fixed in release 0.73.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0914"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-27T16:15:38Z",
    "severity": "LOW"
  },
  "details": "An improper access control issue in the VQL shell feature in Velociraptor Versions \u003c 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually recommended and is uncommonly used, so this issue will only affect users who do set it. This issue is fixed in release 0.73.4.",
  "id": "GHSA-3q7x-q7fm-whrm",
  "modified": "2025-02-27T18:31:12Z",
  "published": "2025-02-27T18:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0914"
    },
    {
      "type": "WEB",
      "url": "https://docs.velociraptor.app/announcements/advisories/cve-2025-0914"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3QC3-MX6X-267H

Vulnerability from github – Published: 2025-01-20 15:31 – Updated: 2025-01-21 20:03
VLAI
Summary
Insecure default config access in WriteFreely
Details

WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/writefreely/writefreely"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.15.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-24337"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-21T20:03:18Z",
    "nvd_published_at": "2025-01-20T14:15:27Z",
    "severity": "HIGH"
  },
  "details": "WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.",
  "id": "GHSA-3qc3-mx6x-267h",
  "modified": "2025-01-21T20:03:18Z",
  "published": "2025-01-20T15:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24337"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/writefreely/writefreely"
    },
    {
      "type": "WEB",
      "url": "https://github.com/writefreely/writefreely/releases/tag/v0.15.1"
    },
    {
      "type": "WEB",
      "url": "https://raphus.social/@TV4Fun/113846757112643161"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2025/01/18/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insecure default config access in WriteFreely"
}

GHSA-3QPV-49M3-3H75

Vulnerability from github – Published: 2022-11-19 00:30 – Updated: 2022-11-28 21:30
VLAI
Details

NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31608"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-19T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.",
  "id": "GHSA-3qpv-49m3-3h75",
  "modified": "2022-11-28T21:30:22Z",
  "published": "2022-11-19T00:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31608"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5383"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202310-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-432V-2WP5-HHR2

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47
VLAI
Details

Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability".

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8467"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-11T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka \"Win32k Elevation of Privilege Vulnerability\".",
  "id": "GHSA-432v-2wp5-hhr2",
  "modified": "2022-05-13T01:47:33Z",
  "published": "2022-05-13T01:47:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8467"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8467"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99409"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038853"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-436G-2F92-CVHH

Vulnerability from github – Published: 2023-04-02 21:30 – Updated: 2025-02-25 21:42
VLAI
Summary
Jenkins Role-based Authorization Strategy Plugin grants permissions even after they’ve been disabled
Details

Permissions in Jenkins can be enabled and disabled. Some permissions are disabled by default, e.g., Overall/Manage or Item/Extended Read. Disabled permissions cannot be granted directly, only through greater permissions that imply them (e.g., Overall/Administer or Item/Configure).

Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they’ve been disabled.

This allows attackers to have greater access than they’re entitled to after the following operations took place:

A permission is granted to attackers directly or through groups.

The permission is disabled, e.g., through the script console.

Role-based Authorization Strategy Plugin 587.588.v850a_20a_30162 does not grant disabled permissions.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 587.588.v850a"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:role-strategy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "587.588.v850a_20a_30162"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-28668"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-03T22:55:17Z",
    "nvd_published_at": "2023-04-02T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Permissions in Jenkins can be enabled and disabled. Some permissions are disabled by default, e.g., Overall/Manage or Item/Extended Read. Disabled permissions cannot be granted directly, only through greater permissions that imply them (e.g., Overall/Administer or Item/Configure).\n\nRole-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they\u2019ve been disabled.\n\nThis allows attackers to have greater access than they\u2019re entitled to after the following operations took place:\n\nA permission is granted to attackers directly or through groups.\n\nThe permission is disabled, e.g., through the script console.\n\nRole-based Authorization Strategy Plugin 587.588.v850a_20a_30162 does not grant disabled permissions.",
  "id": "GHSA-436g-2f92-cvhh",
  "modified": "2025-02-25T21:42:00Z",
  "published": "2023-04-02T21:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28668"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/role-strategy-plugin/commit/850a20a3016276d0c0ba4898a876c113a9191da4"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2023-03-21/#SECURITY-3053"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins Role-based Authorization Strategy Plugin grants permissions even after they\u2019ve been disabled"
}

GHSA-43HX-X24H-XVHJ

Vulnerability from github – Published: 2025-06-08 12:30 – Updated: 2025-06-08 12:30
VLAI
Details

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-26691"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-08T12:15:22Z",
    "severity": "MODERATE"
  },
  "details": "in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.",
  "id": "GHSA-43hx-x24h-xvhj",
  "modified": "2025-06-08T12:30:33Z",
  "published": "2025-06-08T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26691"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-45GG-VH54-H5M9

Vulnerability from github – Published: 2026-06-25 22:14 – Updated: 2026-07-10 12:31
VLAI
Summary
golang.org/x/crypto vulnerable to invoking bypass of certificate restrictions
Details

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "golang.org/x/crypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.52.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-39828"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281",
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-25T22:14:38Z",
    "nvd_published_at": "2026-05-22T04:16:22Z",
    "severity": "MODERATE"
  },
  "details": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
  "id": "GHSA-45gg-vh54-h5m9",
  "modified": "2026-07-10T12:31:34Z",
  "published": "2026-06-25T22:14:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39828.json"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2026-5014"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/79562"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/781621"
    },
    {
      "type": "PACKAGE",
      "url": "https://cs.opensource.google/go/x/crypto"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480687"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-39828"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37387"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37296"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37286"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37278"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37272"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37271"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:37268"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36808"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36797"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36796"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36651"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36648"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36625"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36319"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36207"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36167"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36105"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26547"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26546"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "golang.org/x/crypto vulnerable to invoking bypass of certificate restrictions"
}

GHSA-45QM-3P86-7499

Vulnerability from github – Published: 2025-02-14 18:30 – Updated: 2025-02-28 18:30
VLAI
Details

Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56973"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-14T16:15:34Z",
    "severity": "CRITICAL"
  },
  "details": "Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component.",
  "id": "GHSA-45qm-3p86-7499",
  "modified": "2025-02-28T18:30:58Z",
  "published": "2025-02-14T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56973"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/VAMorales/1092a29ac7d0b4b80d5c853b9a22a65d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.