CWE-281
AllowedImproper Preservation of Permissions
Abstraction: Base · Status: Draft
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
432 vulnerabilities reference this CWE, most recent first.
GHSA-XRVP-GX9P-8CH2
Vulnerability from github – Published: 2024-09-17 00:31 – Updated: 2025-11-04 18:31A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet.
{
"affected": [],
"aliases": [
"CVE-2024-27795"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-17T00:15:47Z",
"severity": "HIGH"
},
"details": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet.",
"id": "GHSA-xrvp-gx9p-8ch2",
"modified": "2025-11-04T18:31:19Z",
"published": "2024-09-17T00:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27795"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121238"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Sep/33"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XXMH-66CH-6MV4
Vulnerability from github – Published: 2025-02-01 00:31 – Updated: 2025-02-03 21:31EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to Incorrect Access Control. This vulnerability allows the api to be used to create/modify/delete information about aliases (users) / users (groups) / roles.
{
"affected": [],
"aliases": [
"CVE-2024-53355"
],
"database_specific": {
"cwe_ids": [
"CWE-281"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-31T22:15:09Z",
"severity": "HIGH"
},
"details": "EasyVirt DCScope \u003c=8.6.0 and CO2Scope \u003c=1.3.0 are vulnerable to Incorrect Access Control. This vulnerability allows the api to be used to create/modify/delete information about aliases (users) / users (groups) / roles.",
"id": "GHSA-xxmh-66ch-6mv4",
"modified": "2025-02-03T21:31:49Z",
"published": "2025-02-01T00:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53355"
},
{
"type": "WEB",
"url": "https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-53355.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.