Category: SFP Secondary Cluster: Insecure Resource Permissions
Incomplete
Summary
This category identifies Software Fault Patterns (SFPs) within the Insecure Resource Permissions cluster.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-276 | Incorrect Default Permissions | This vulnerability occurs when software installation scripts set overly permissive file or directory access rights by default. Instead of restricting write access to authorized users or processes, the installation allows unintended actors to modify, delete, or corrupt critical application files. |
| CWE-277 | Insecure Inherited Permissions | This vulnerability occurs when an application sets default file or directory permissions that are too permissive, and these insecure settings are automatically passed down to new files or objects the program creates. |
| CWE-278 | Insecure Preserved Inherited Permissions | This vulnerability occurs when a software product copies or extracts files while unintentionally preserving insecure permissions from their original source, such as an archive, without the user's knowledge or consent. |
| CWE-279 | Incorrect Execution-Assigned Permissions | This vulnerability occurs when a running application incorrectly changes an object's access permissions, overriding the security settings that a user or administrator intentionally configured. |
| CWE-281 | Improper Preservation of Permissions | This vulnerability occurs when a system fails to correctly maintain file or object permissions during operations like copying, sharing, or restoring data. As a result, these resources can end up with weaker, more permissive security settings than the original owner intended. |
| CWE-560 | Use of umask() with chmod-style Argument | This vulnerability occurs when a program incorrectly uses the `umask()` system call with an argument formatted for `chmod()`, leading to unintended and overly permissive file permissions. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | This vulnerability occurs when a system grants overly permissive access to a sensitive resource, allowing unauthorized users or processes to read or alter it. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.