CWE-277
AllowedInsecure Inherited Permissions
Abstraction: Variant · Status: Draft
A product defines a set of insecure permissions that are inherited by objects that are created by the program.
116 vulnerabilities reference this CWE, most recent first.
GHSA-2P97-C8VF-R4RF
Vulnerability from github – Published: 2024-04-08 12:30 – Updated: 2024-08-26 21:30Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe
{
"affected": [],
"aliases": [
"CVE-2024-26574"
],
"database_specific": {
"cwe_ids": [
"CWE-276",
"CWE-277"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-08T12:15:08Z",
"severity": "HIGH"
},
"details": "Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe",
"id": "GHSA-2p97-c8vf-r4rf",
"modified": "2024-08-26T21:30:32Z",
"published": "2024-04-08T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26574"
},
{
"type": "WEB",
"url": "https://filmora.wondershare.com"
},
{
"type": "WEB",
"url": "https://github.com/Alaatk/CVE-2024-26574/tree/main"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2VC6-9C9H-VVHF
Vulnerability from github – Published: 2025-06-11 15:30 – Updated: 2025-06-11 15:30IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program.
{
"affected": [],
"aliases": [
"CVE-2025-3473"
],
"database_specific": {
"cwe_ids": [
"CWE-277"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-11T15:15:29Z",
"severity": "MODERATE"
},
"details": "IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program.",
"id": "GHSA-2vc6-9c9h-vvhf",
"modified": "2025-06-11T15:30:29Z",
"published": "2025-06-11T15:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3473"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7236356"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3GQV-8H4Q-FFF4
Vulnerability from github – Published: 2024-01-19 21:30 – Updated: 2024-01-19 21:30Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2023-38541"
],
"database_specific": {
"cwe_ids": [
"CWE-277",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-19T20:15:10Z",
"severity": "MODERATE"
},
"details": "Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GHSA-3gqv-8h4q-fff4",
"modified": "2024-01-19T21:30:35Z",
"published": "2024-01-19T21:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38541"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00964.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3GXR-JGFF-J84X
Vulnerability from github – Published: 2023-11-28 21:30 – Updated: 2023-11-28 21:30The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.
{
"affected": [],
"aliases": [
"CVE-2023-29065"
],
"database_specific": {
"cwe_ids": [
"CWE-277",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-28T21:15:07Z",
"severity": "MODERATE"
},
"details": "The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.",
"id": "GHSA-3gxr-jgff-j84x",
"modified": "2023-11-28T21:30:25Z",
"published": "2023-11-28T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29065"
},
{
"type": "WEB",
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3V56-Q6R6-4GCW
Vulnerability from github – Published: 2021-11-10 16:41 – Updated: 2021-11-08 21:04Impact
Versions prior 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by mistake or maliciously.
In theory all users of the package are affected as long as they either deal with direct user input or database values. A multi-step attack on is therefore plausible.
Patches
Version 1.1.1 has addressed this vulnerability.
$params = [
'reverse' => fn($input) => strrev($input), // <-- no longer possible with version ~1.1.1
'value' => 'My website'
]
TemplateFunctions::registerClosure('reverse', fn($input) => strrev($input)); // <-- still possible (and nicely isolated)
Template::embrace('<h1>{{reverse(value)}}</h1>', $params);
Workarounds
Unfortunately only working with hardcoded values is safe in prior versions. As this likely defeats the purpose of a template engine, please upgrade.
References
As a possible exploit is relatively easy to achieve, I will not share steps to reproduce the issue for now.
For more information
If you have any questions or comments about this advisory: * Open an issue in our repo
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "neoan3-apps/template"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41170"
],
"database_specific": {
"cwe_ids": [
"CWE-277",
"CWE-732",
"CWE-74"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-08T21:04:44Z",
"nvd_published_at": "2021-11-08T19:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nVersions prior 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by mistake or maliciously. \n\nIn theory all users of the package are affected as long as they either deal with direct user input or database values. A multi-step attack on is therefore plausible. \n\n\n### Patches\nVersion 1.1.1 has addressed this vulnerability. \n```php\n$params = [\n \u0027reverse\u0027 =\u003e fn($input) =\u003e strrev($input), // \u003c-- no longer possible with version ~1.1.1\n \u0027value\u0027 =\u003e \u0027My website\u0027 \n]\nTemplateFunctions::registerClosure(\u0027reverse\u0027, fn($input) =\u003e strrev($input)); // \u003c-- still possible (and nicely isolated)\nTemplate::embrace(\u0027\u003ch1\u003e{{reverse(value)}}\u003c/h1\u003e\u0027, $params);\n```\n\n### Workarounds\nUnfortunately only working with hardcoded values is safe in prior versions. As this likely defeats the purpose of a template engine, please upgrade.\n\n### References\nAs a possible exploit is relatively easy to achieve, I will not share steps to reproduce the issue for now.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [our repo](https://github.com/sroehrl/neoan3-template)\n\n",
"id": "GHSA-3v56-q6r6-4gcw",
"modified": "2021-11-08T21:04:44Z",
"published": "2021-11-10T16:41:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sroehrl/neoan3-template/security/advisories/GHSA-3v56-q6r6-4gcw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41170"
},
{
"type": "WEB",
"url": "https://github.com/sroehrl/neoan3-template/issues/8"
},
{
"type": "WEB",
"url": "https://github.com/sroehrl/neoan3-template/commit/4a2c9570f071d3c8f4ac790007599cba20e16934"
},
{
"type": "PACKAGE",
"url": "https://github.com/sroehrl/neoan3-template"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Insecure Inherited Permissions in neoan3-apps/template"
}
GHSA-3WW4-528C-XCV7
Vulnerability from github – Published: 2026-02-12 00:31 – Updated: 2026-02-12 18:30A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.
{
"affected": [],
"aliases": [
"CVE-2026-20630"
],
"database_specific": {
"cwe_ids": [
"CWE-277"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:06Z",
"severity": "MODERATE"
},
"details": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.",
"id": "GHSA-3ww4-528c-xcv7",
"modified": "2026-02-12T18:30:22Z",
"published": "2026-02-12T00:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20630"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126348"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-446J-5276-666Q
Vulnerability from github – Published: 2024-05-03 15:30 – Updated: 2024-07-03 18:38Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function.
{
"affected": [],
"aliases": [
"CVE-2024-29417"
],
"database_specific": {
"cwe_ids": [
"CWE-277"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T15:15:08Z",
"severity": "HIGH"
},
"details": "Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function.",
"id": "GHSA-446j-5276-666q",
"modified": "2024-07-03T18:38:47Z",
"published": "2024-05-03T15:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29417"
},
{
"type": "WEB",
"url": "https://blog.pridesec.com.br/en/horacius-unauthenticated-privilege-escalation"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4MX4-F8WV-Q9F5
Vulnerability from github – Published: 2025-05-13 21:30 – Updated: 2025-05-13 21:30Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow a privileged user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2025-20008"
],
"database_specific": {
"cwe_ids": [
"CWE-277"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T21:16:02Z",
"severity": "MODERATE"
},
"details": "Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow a privileged user to potentially enable escalation of privilege via local access.",
"id": "GHSA-4mx4-f8wv-q9f5",
"modified": "2025-05-13T21:30:55Z",
"published": "2025-05-13T21:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20008"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01297.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4P9C-2W63-JWV2
Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30Insecure inherited permissions for some Intel(R) Rapid Storage Technology Application before version 20.0.1021 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
{
"affected": [],
"aliases": [
"CVE-2025-24327"
],
"database_specific": {
"cwe_ids": [
"CWE-277"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T17:15:42Z",
"severity": "MODERATE"
},
"details": "Insecure inherited permissions for some Intel(R) Rapid Storage Technology Application before version 20.0.1021 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.",
"id": "GHSA-4p9c-2w63-jwv2",
"modified": "2025-11-11T18:30:18Z",
"published": "2025-11-11T18:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24327"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01362.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4RMP-JJJ9-CFM4
Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2026-04-02 21:31The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
{
"affected": [],
"aliases": [
"CVE-2024-27834"
],
"database_specific": {
"cwe_ids": [
"CWE-277"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:13:06Z",
"severity": "HIGH"
},
"details": "The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.",
"id": "GHSA-4rmp-jjj9-cfm4",
"modified": "2026-04-02T21:31:41Z",
"published": "2024-05-14T15:32:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27834"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214106"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214104"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214102"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214100"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214106"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214104"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214103"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214102"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214101"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120905"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120903"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120902"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120901"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120898"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120896"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/May/10"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/May/12"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/May/16"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/May/17"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/May/9"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/05/21/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
No CAPEC attack patterns related to this CWE.