Common Weakness Enumeration

CWE-281

Allowed

Improper Preservation of Permissions

Abstraction: Base · Status: Draft

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

432 vulnerabilities reference this CWE, most recent first.

GHSA-6236-FHHC-64MR

Vulnerability from github – Published: 2025-06-10 12:30 – Updated: 2025-06-11 15:30
VLAI
Details

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43697"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-10T12:15:24Z",
    "severity": "HIGH"
  },
  "details": "Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data.\nThis impacts OmniStudio: before Spring 2025",
  "id": "GHSA-6236-fhhc-64mr",
  "modified": "2025-06-11T15:30:26Z",
  "published": "2025-06-10T12:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43697"
    },
    {
      "type": "WEB",
      "url": "https://help.salesforce.com/s/articleView?id=004980323\u0026type=1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-62WC-JJ78-F4F6

Vulnerability from github – Published: 2026-01-20 21:31 – Updated: 2026-06-30 03:35
VLAI
Details

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-55130"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281",
      "CWE-289"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-20T21:16:03Z",
    "severity": "HIGH"
  },
  "details": "A flaw in Node.js\u2019s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise.\nThis vulnerability affects users of the permission model on Node.js v20,  v22,  v24, and v25.",
  "id": "GHSA-62wc-jj78-f4f6",
  "modified": "2026-06-30T03:35:27Z",
  "published": "2026-01-20T21:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55130"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55130.json"
    },
    {
      "type": "WEB",
      "url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431352"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-55130"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:7387"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:7386"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:6431"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:6402"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:2899"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:2864"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:2783"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:2782"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:2781"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:2768"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:2767"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:2422"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:2421"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:2420"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:1843"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:1842"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-63QM-GR74-HVJ8

Vulnerability from github – Published: 2021-12-08 00:01 – Updated: 2021-12-08 00:01
VLAI
Details

There is an Improper permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to obtain certain device information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-37056"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-07T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "There is an Improper permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to obtain certain device information.",
  "id": "GHSA-63qm-gr74-hvj8",
  "modified": "2021-12-08T00:01:26Z",
  "published": "2021-12-08T00:01:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37056"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2021/9"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/om/support/bulletin/2021/10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-645G-Q3PQ-8Q25

Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:35
VLAI
Details

A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0975"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-03T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent\u2019s executables before it can be executed. This allows the user to elevate their permissions.",
  "id": "GHSA-645g-q3pq-8q25",
  "modified": "2024-04-04T05:35:30Z",
  "published": "2023-07-06T19:24:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0975"
    },
    {
      "type": "WEB",
      "url": "https://kcm.trellix.com/corporate/index?page=content\u0026id=SB10396"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-647Q-GC86-99GJ

Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2022-05-13 01:52
VLAI
Details

If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5163"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-11T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process\u0027 privileges, escaping the sandbox on content processes. This vulnerability affects Firefox \u003c 60.",
  "id": "GHSA-647q-gc86-99gj",
  "modified": "2022-05-13T01:52:43Z",
  "published": "2022-05-13T01:52:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5163"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1426353"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3645-1"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-11"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104139"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040896"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-64G8-8MM8-6QP6

Vulnerability from github – Published: 2024-12-19 00:37 – Updated: 2025-01-02 21:31
VLAI
Details

In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56317"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-18T23:15:18Z",
    "severity": "HIGH"
  },
  "details": "In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service.",
  "id": "GHSA-64g8-8mm8-6qp6",
  "modified": "2025-01-02T21:31:41Z",
  "published": "2024-12-19T00:37:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56317"
    },
    {
      "type": "WEB",
      "url": "https://github.com/project-chip/connectedhomeip/issues/36535"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-66PM-7M3Q-GH7C

Vulnerability from github – Published: 2023-11-20 12:30 – Updated: 2023-11-20 12:30
VLAI
Details

in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43612"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-20T12:15:08Z",
    "severity": "HIGH"
  },
  "details": "in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions.",
  "id": "GHSA-66pm-7m3q-gh7c",
  "modified": "2023-11-20T12:30:27Z",
  "published": "2023-11-20T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43612"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-66VW-V2X9-HW75

Vulnerability from github – Published: 2022-04-30 00:00 – Updated: 2024-09-16 17:22
VLAI
Summary
Podman publishes a malicious image to public registries
Details

Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containers/podman/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containers/psgo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-1227"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-281"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-05-03T06:15:16Z",
    "nvd_published_at": "2022-04-29T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the \u0027podman top\u0027 command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.",
  "id": "GHSA-66vw-v2x9-hw75",
  "modified": "2024-09-16T17:22:51Z",
  "published": "2022-04-30T00:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1227"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/podman/issues/10941"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/podman/pull/13862"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/podman/pull/13862/commits/79a3e149c10f74db4cebff624287385c90179d09"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/psgo/pull/92"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070368"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/containers/podman"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-0558"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240628-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Podman publishes a malicious image to public registries"
}

GHSA-67CG-J2QQ-7WV4

Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30
VLAI
Details

Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-40767"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T21:16:49Z",
    "severity": "HIGH"
  },
  "details": "Unauthenticated Broken Access Control in wpForo Forum \u003c 3.0.2 versions.",
  "id": "GHSA-67cg-j2qq-7wv4",
  "modified": "2026-06-15T21:30:46Z",
  "published": "2026-06-15T21:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40767"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/wpforo/vulnerability/wordpress-wpforo-forum-plugin-3-0-2-broken-access-control-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6879-GF6Q-3QMJ

Vulnerability from github – Published: 2024-09-17 00:31 – Updated: 2025-11-04 18:31
VLAI
Details

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40770"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-17T00:15:48Z",
    "severity": "HIGH"
  },
  "details": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.",
  "id": "GHSA-6879-gf6q-3qmj",
  "modified": "2025-11-04T18:31:19Z",
  "published": "2024-09-17T00:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40770"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121238"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Sep/33"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.