Improper Preservation of Permissions
This vulnerability occurs when a system fails to correctly maintain file or object permissions during operations like copying, sharing, or restoring data. As a result, these resources can end up with weaker, more permissive security settings than the original owner intended.
This flaw typically surfaces in file management, backup systems, or data-sharing features. When an application copies a file or transfers an object between different security contexts, it must carefully replicate the original access controls. If the process simply creates a new item with default, often overly permissive, settings, it creates a security gap. Attackers can exploit this by accessing sensitive data or modifying resources they shouldn't have rights to, simply because the permissions were not preserved correctly during the operation. The core issue is a mismatch between the assumed and actual security state. Developers might trust that a restored backup or a shared file retains its original restrictions, but the underlying code failed to enforce this. To prevent this, always explicitly set and validate permissions during any data transfer or duplication, never relying on system defaults. Treat the preservation of access controls as a critical step in the data lifecycle, not an automatic side effect.
Impact: Read Application DataModify Application Data
- PLOVER