CWE•Variant•Draft•4 recent CVEs
CWE-279Incorrect Execution-Assigned Permissions
Description
While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.
Common consequences
- Confidentiality,Integrity→Read Application Data,Modify Application Data
Potential mitigations
- Architecture and Design,OperationVery carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
- Architecture and Design[object Object]