| CWE-271 | The software does not drop privileges before passing control of a resource to an actor that does not have those privileges. |
| CWE-272 | The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed. |
| CWE-273 | The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. |
| CWE-274 | The software does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses. |
| CWE-276 | The product, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. |
| CWE-277 | A product defines a set of insecure permissions that are inherited by objects that are created by the program. |
| CWE-278 | A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement. |
| CWE-279 | While it is executing, the software sets the permissions of an object in a way that violates the intended permissions that have been specified by the user. |
| CWE-28 | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "..\" sequences that can resolve to a location that is outside of that directory. |
| CWE-280 | The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state. |