CWE-281: Improper Preservation of Permissions

Description

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Extended Description

N/A

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

CVE: CVE-2002-2323

Incorrect ACLs used when restoring backups from directories that use symbolic links.
CVE: CVE-2001-1515

Automatic modification of permissions inherited from another file system.
CVE: CVE-2005-1920

Permissions on backup file are created with defaults, possibly less secure than original file.
CVE: CVE-2001-0195

File is made world-readable when being cloned.

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Operation	N/A

Common Consequences

Impact: Read Application Data, Modify Application Data — Notes:

Potential Mitigations

None listed.

Applicable Platforms

None (Not Language-Specific, Undetermined)

Demonstrative Examples

N/A

Notes

No notes available.

← Back to CWE list