Common Weakness Enumeration

CWE-277

Allowed

Insecure Inherited Permissions

Abstraction: Variant · Status: Draft

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

116 vulnerabilities reference this CWE, most recent first.

GHSA-2P97-C8VF-R4RF

Vulnerability from github – Published: 2024-04-08 12:30 – Updated: 2024-08-26 21:30
VLAI
Details

Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26574"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276",
      "CWE-277"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-08T12:15:08Z",
    "severity": "HIGH"
  },
  "details": "Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe",
  "id": "GHSA-2p97-c8vf-r4rf",
  "modified": "2024-08-26T21:30:32Z",
  "published": "2024-04-08T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26574"
    },
    {
      "type": "WEB",
      "url": "https://filmora.wondershare.com"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Alaatk/CVE-2024-26574/tree/main"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2VC6-9C9H-VVHF

Vulnerability from github – Published: 2025-06-11 15:30 – Updated: 2025-06-11 15:30
VLAI
Details

IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-3473"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-11T15:15:29Z",
    "severity": "MODERATE"
  },
  "details": "IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program.",
  "id": "GHSA-2vc6-9c9h-vvhf",
  "modified": "2025-06-11T15:30:29Z",
  "published": "2025-06-11T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3473"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7236356"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GQV-8H4Q-FFF4

Vulnerability from github – Published: 2024-01-19 21:30 – Updated: 2024-01-19 21:30
VLAI
Details

Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38541"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277",
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-19T20:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-3gqv-8h4q-fff4",
  "modified": "2024-01-19T21:30:35Z",
  "published": "2024-01-19T21:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38541"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00964.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GXR-JGFF-J84X

Vulnerability from github – Published: 2023-11-28 21:30 – Updated: 2023-11-28 21:30
VLAI
Details

The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-29065"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277",
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-28T21:15:07Z",
    "severity": "MODERATE"
  },
  "details": "The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.",
  "id": "GHSA-3gxr-jgff-j84x",
  "modified": "2023-11-28T21:30:25Z",
  "published": "2023-11-28T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29065"
    },
    {
      "type": "WEB",
      "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3V56-Q6R6-4GCW

Vulnerability from github – Published: 2021-11-10 16:41 – Updated: 2021-11-08 21:04
VLAI
Summary
Insecure Inherited Permissions in neoan3-apps/template
Details

Impact

Versions prior 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by mistake or maliciously.

In theory all users of the package are affected as long as they either deal with direct user input or database values. A multi-step attack on is therefore plausible.

Patches

Version 1.1.1 has addressed this vulnerability.

$params = [
   'reverse' => fn($input) => strrev($input),    // <-- no longer possible with version ~1.1.1
   'value' => 'My website' 
]
TemplateFunctions::registerClosure('reverse', fn($input) => strrev($input));  // <-- still possible (and nicely isolated)
Template::embrace('<h1>{{reverse(value)}}</h1>', $params);

Workarounds

Unfortunately only working with hardcoded values is safe in prior versions. As this likely defeats the purpose of a template engine, please upgrade.

References

As a possible exploit is relatively easy to achieve, I will not share steps to reproduce the issue for now.

For more information

If you have any questions or comments about this advisory: * Open an issue in our repo

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "neoan3-apps/template"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-41170"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277",
      "CWE-732",
      "CWE-74"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-08T21:04:44Z",
    "nvd_published_at": "2021-11-08T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nVersions prior 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by mistake or maliciously. \n\nIn theory all users of the package are affected as long as they either deal with direct user input or database values. A multi-step attack on is therefore plausible. \n\n\n### Patches\nVersion 1.1.1 has addressed this vulnerability. \n```php\n$params = [\n   \u0027reverse\u0027 =\u003e fn($input) =\u003e strrev($input),    // \u003c-- no longer possible with version ~1.1.1\n   \u0027value\u0027 =\u003e \u0027My website\u0027 \n]\nTemplateFunctions::registerClosure(\u0027reverse\u0027, fn($input) =\u003e strrev($input));  // \u003c-- still possible (and nicely isolated)\nTemplate::embrace(\u0027\u003ch1\u003e{{reverse(value)}}\u003c/h1\u003e\u0027, $params);\n```\n\n### Workarounds\nUnfortunately only working with hardcoded values is safe in prior versions. As this likely defeats the purpose of a template engine, please upgrade.\n\n### References\nAs a possible exploit is relatively easy to achieve, I will not share steps to reproduce the issue for now.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [our repo](https://github.com/sroehrl/neoan3-template)\n\n",
  "id": "GHSA-3v56-q6r6-4gcw",
  "modified": "2021-11-08T21:04:44Z",
  "published": "2021-11-10T16:41:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sroehrl/neoan3-template/security/advisories/GHSA-3v56-q6r6-4gcw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41170"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sroehrl/neoan3-template/issues/8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sroehrl/neoan3-template/commit/4a2c9570f071d3c8f4ac790007599cba20e16934"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sroehrl/neoan3-template"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insecure Inherited Permissions in neoan3-apps/template"
}

GHSA-3WW4-528C-XCV7

Vulnerability from github – Published: 2026-02-12 00:31 – Updated: 2026-02-12 18:30
VLAI
Details

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20630"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-11T23:16:06Z",
    "severity": "MODERATE"
  },
  "details": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.",
  "id": "GHSA-3ww4-528c-xcv7",
  "modified": "2026-02-12T18:30:22Z",
  "published": "2026-02-12T00:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20630"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126348"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-446J-5276-666Q

Vulnerability from github – Published: 2024-05-03 15:30 – Updated: 2024-07-03 18:38
VLAI
Details

Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-29417"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T15:15:08Z",
    "severity": "HIGH"
  },
  "details": "Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function.",
  "id": "GHSA-446j-5276-666q",
  "modified": "2024-07-03T18:38:47Z",
  "published": "2024-05-03T15:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29417"
    },
    {
      "type": "WEB",
      "url": "https://blog.pridesec.com.br/en/horacius-unauthenticated-privilege-escalation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4MX4-F8WV-Q9F5

Vulnerability from github – Published: 2025-05-13 21:30 – Updated: 2025-05-13 21:30
VLAI
Details

Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow a privileged user to potentially enable escalation of privilege via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20008"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T21:16:02Z",
    "severity": "MODERATE"
  },
  "details": "Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow a privileged user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-4mx4-f8wv-q9f5",
  "modified": "2025-05-13T21:30:55Z",
  "published": "2025-05-13T21:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20008"
    },
    {
      "type": "WEB",
      "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01297.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4P9C-2W63-JWV2

Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30
VLAI
Details

Insecure inherited permissions for some Intel(R) Rapid Storage Technology Application before version 20.0.1021 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-24327"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-11T17:15:42Z",
    "severity": "MODERATE"
  },
  "details": "Insecure inherited permissions for some Intel(R) Rapid Storage Technology Application before version 20.0.1021 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.",
  "id": "GHSA-4p9c-2w63-jwv2",
  "modified": "2025-11-11T18:30:18Z",
  "published": "2025-11-11T18:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24327"
    },
    {
      "type": "WEB",
      "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01362.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4RMP-JJJ9-CFM4

Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2026-04-02 21:31
VLAI
Details

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27834"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T15:13:06Z",
    "severity": "HIGH"
  },
  "details": "The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.",
  "id": "GHSA-4rmp-jjj9-cfm4",
  "modified": "2026-04-02T21:31:41Z",
  "published": "2024-05-14T15:32:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27834"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214106"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214104"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214102"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214100"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214106"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214104"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214103"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214102"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214101"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120905"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120903"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120902"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120901"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120898"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120896"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/May/10"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/May/12"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/May/16"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/May/17"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/May/9"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/05/21/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.

No CAPEC attack patterns related to this CWE.