CWE•Base•Incomplete•1 recent CVE
CWE-708: Incorrect Ownership Assignment
Description
The product assigns an owner to a resource, but the owner is outside of the intended control sphere.
This may allow the resource to be manipulated by actors outside of the intended control sphere.
Common consequences
- Confidentiality, Integrity → Read Application Data, Modify Application Data: An attacker could read and modify data that they do not have permission to access directly.
Potential mitigations
- Policy: Periodically review the privileges and their owners.
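
One way to run the periodic ownership review as a script, added here as an example that is not part of the CWE entry: it walks a directory tree and reports every entry whose owning uid or gid falls outside an allow-list standing in for the intended control sphere. The function names, the allow-list parameters and the temporary sample tree are assumptions constructed for illustration.

```python
import os
import tempfile


def audit_ownership(root, allowed_uids, allowed_gids=None):
    """Report entries under root whose owner is outside the intended
    control sphere, expressed here as allow-lists of uids and gids."""
    entries = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        entries += [os.path.join(dirpath, n) for n in dirnames + filenames]

    findings = []
    for path in entries:
        st = os.lstat(path)  # lstat: judge a symlink itself, not its target
        reasons = []
        if st.st_uid not in allowed_uids:
            reasons.append(f"owner uid {st.st_uid} not in allow-list")
        if allowed_gids is not None and st.st_gid not in allowed_gids:
            reasons.append(f"group gid {st.st_gid} not in allow-list")
        if reasons:
            findings.append((path, st.st_uid, st.st_gid, reasons))
    return findings


def build_sample_tree():
    """Constructed sample: a temp directory with one subdirectory and one
    file, all owned by the user running the script."""
    root = tempfile.mkdtemp(prefix="cwe708-demo-")
    os.mkdir(os.path.join(root, "uploads"))
    with open(os.path.join(root, "uploads", "report.txt"), "w") as fh:
        fh.write("sample\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    me = os.geteuid()
    # Expected owner matches the allow-list: nothing to report.
    print("in-sphere review:", audit_ownership(root, {me}))
    # Simulate a policy where a different (hypothetical) uid should own the
    # tree: every entry is now reported as owned outside the control sphere.
    for path, uid, gid, reasons in audit_ownership(root, {me + 1}):
        print(path, uid, gid, "; ".join(reasons))
```

In a scheduled review, the allow-lists would come from the documented owner of each resource, and any finding is a candidate for correction or for an explicit exception.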