CWE-281 | The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended. |
CWE-282 | The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource. |
CWE-283 | The software does not properly verify that a critical resource is owned by the proper entity. |
CWE-284 | The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
CWE-285 | The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
CWE-286 | The software does not properly manage a user within its environment. |
CWE-287 | When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. |
CWE-288 | A product requires authentication, but the product has an alternate path or channel that does not require authentication. |
CWE-289 | The software performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor. |
CWE-29 | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory. |