CWE · Base · Incomplete · 6 recent CVEs
CWE-267: Privilege Defined With Unsafe Actions
Description
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
Common consequences
- Access Control: Gain Privileges or Assume Identity. A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts.
Potential mitigations
- Architecture and Design, Operation: Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
- Architecture and Design, Operation: Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database ad
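As an added illustration of the weakness and the least-privilege mitigation above (example code, not part of the CWE entry), a small Python audit that flags roles defined with actions unsafe for the entity holding them; every role name, action name and the "unsafe" classification is constructed for the example:

```python
# Added example (not from the CWE entry): audit role definitions for actions
# that are unsafe for the entity a role is meant for (the CWE-267 pattern).
# Role names, action names and the "unsafe" set are constructed for illustration.
from dataclasses import dataclass

# Actions that should never be bundled into a role handed to a non-admin
# entity: each lets the holder step outside the task the role exists for.
UNSAFE_ACTIONS = frozenset({
    "run_arbitrary_sql",  # full database control rather than scoped queries
    "exec_shell",         # arbitrary command execution on the host
    "grant_privilege",    # lets the holder widen its own privileges
})

@dataclass(frozen=True)
class Role:
    name: str
    actions: frozenset
    admin: bool = False  # True only for roles meant for trusted operators

def unsafe_actions_in(role):
    """Return the unsafe actions a non-admin role grants (empty if none)."""
    return frozenset() if role.admin else role.actions & UNSAFE_ACTIONS

def audit_roles(roles):
    """Map each offending role name to the sorted list of its unsafe actions."""
    return {r.name: sorted(unsafe_actions_in(r)) for r in roles if unsafe_actions_in(r)}

# Constructed role set. "backup_operator" is assigned to the right entity (the
# backup job) but is defined with actions that let it do far more than back up.
ROLES_BEFORE = [
    Role("report_viewer", frozenset({"read_reports"})),
    Role("backup_operator", frozenset({"read_all_tables", "exec_shell", "run_arbitrary_sql"})),
    Role("dba", frozenset({"run_arbitrary_sql", "grant_privilege"}), admin=True),
]

# Same entity and job, but the role is narrowed to what the backup task needs,
# as the least-privilege mitigation advises.
ROLES_AFTER = [
    Role("report_viewer", frozenset({"read_reports"})),
    Role("backup_operator", frozenset({"read_all_tables", "write_backup_store"})),
    Role("dba", frozenset({"run_arbitrary_sql", "grant_privilege"}), admin=True),
]

if __name__ == "__main__":
    print(audit_roles(ROLES_BEFORE))  # {'backup_operator': ['exec_shell', 'run_arbitrary_sql']}
    print(audit_roles(ROLES_AFTER))   # {}
```

The audit is meant to run against role definitions at deploy time, so a role that quietly regains an unsafe action fails the build rather than surfacing in production.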