CWE-279
AllowedIncorrect Execution-Assigned Permissions
Abstraction: Variant · Status: Draft
While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.
49 vulnerabilities reference this CWE, most recent first.
GHSA-9HGQ-RRV7-J79J
Vulnerability from github – Published: 2026-03-04 18:31 – Updated: 2026-03-04 18:31A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files.
This vulnerability is due to improper access controls for Secure Copy Protocol (SCP) operations when the CiscoSSH stack is enabled. An attacker could exploit this vulnerability by authenticating to a non-admin context of the device and issuing crafted SCP copy commands in that non-admin context. A successful exploit could allow the attacker to read, create, or overwrite sensitive files that belong to another context, including the admin and system contexts. The attacker cannot directly impact the availability of services pertaining to other contexts. To exploit this vulnerability, the attacker must have valid administrative credentials for a non-admin context.
Note: An attacker cannot list or enumerate files from another context and would need to know the exact file path, which increases the complexity of a successful attack.
{
"affected": [],
"aliases": [
"CVE-2026-20062"
],
"database_specific": {
"cwe_ids": [
"CWE-279"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-04T18:16:20Z",
"severity": "HIGH"
},
"details": "A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files.\n \n This vulnerability is due to improper access controls for Secure Copy Protocol (SCP) operations when the CiscoSSH stack is enabled. An attacker could exploit this vulnerability by authenticating to a non-admin context of the device and issuing crafted SCP copy commands in that non-admin context. A successful exploit could allow the attacker to read, create, or overwrite sensitive files that belong to another context, including the admin and system contexts. The attacker cannot directly impact the availability of services pertaining to other contexts. To exploit this vulnerability, the attacker must have valid administrative credentials for a non-admin context.\n \n Note: An attacker cannot list or enumerate files from another context and would need to know the exact file path, which increases the complexity of a successful attack.",
"id": "GHSA-9hgq-rrv7-j79j",
"modified": "2026-03-04T18:31:55Z",
"published": "2026-03-04T18:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20062"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-scpcxt-filecpy-rgeP73nE"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9V86-J5RF-5XPX
Vulnerability from github – Published: 2023-08-16 21:31 – Updated: 2023-08-16 21:31A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2023-4383"
],
"database_specific": {
"cwe_ids": [
"CWE-279",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-16T20:15:09Z",
"severity": "HIGH"
},
"details": "A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-9v86-j5rf-5xpx",
"modified": "2023-08-16T21:31:05Z",
"published": "2023-08-16T21:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4383"
},
{
"type": "WEB",
"url": "https://gist.github.com/dmknght/ac489cf3605ded09b3925521afee3003"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.237315"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.237315"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C62C-XC8V-3Q5X
Vulnerability from github – Published: 2024-11-13 21:30 – Updated: 2024-11-13 21:30Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2024-37025"
],
"database_specific": {
"cwe_ids": [
"CWE-279"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-13T21:15:25Z",
"severity": "MODERATE"
},
"details": "Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GHSA-c62c-xc8v-3q5x",
"modified": "2024-11-13T21:30:38Z",
"published": "2024-11-13T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37025"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01197.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CQCR-6GVH-8XMG
Vulnerability from github – Published: 2025-12-26 15:30 – Updated: 2025-12-26 15:30IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse.
{
"affected": [],
"aliases": [
"CVE-2025-36228"
],
"database_specific": {
"cwe_ids": [
"CWE-279"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-26T15:15:46Z",
"severity": "LOW"
},
"details": "IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse.",
"id": "GHSA-cqcr-6gvh-8xmg",
"modified": "2025-12-26T15:30:17Z",
"published": "2025-12-26T15:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36228"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7255331"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-F2HW-22W7-PG9W
Vulnerability from github – Published: 2025-07-17 18:31 – Updated: 2025-07-17 18:31NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN.
{
"affected": [],
"aliases": [
"CVE-2025-23263"
],
"database_specific": {
"cwe_ids": [
"CWE-279"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-17T18:15:24Z",
"severity": "HIGH"
},
"details": "NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN.",
"id": "GHSA-f2hw-22w7-pg9w",
"modified": "2025-07-17T18:31:14Z",
"published": "2025-07-17T18:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23263"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5654"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FGHC-C4MF-Q7P3
Vulnerability from github – Published: 2025-09-04 21:31 – Updated: 2025-09-04 21:31In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-26422"
],
"database_specific": {
"cwe_ids": [
"CWE-279"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-04T18:15:40Z",
"severity": "MODERATE"
},
"details": "In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-fghc-c4mf-q7p3",
"modified": "2025-09-04T21:31:37Z",
"published": "2025-09-04T21:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26422"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/frameworks/base/+/63ae789499395abc2b71fd46f57cac3c4ba1bd9d"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2025-05-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JGCR-FG3G-QVW8
Vulnerability from github – Published: 2021-05-10 15:18 – Updated: 2021-05-07 16:46When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.solr:solr-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.8.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29262"
],
"database_specific": {
"cwe_ids": [
"CWE-279",
"CWE-522"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-07T16:46:48Z",
"nvd_published_at": "2021-04-13T07:15:00Z",
"severity": "HIGH"
},
"details": "When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.",
"id": "GHSA-jgcr-fg3g-qvw8",
"modified": "2021-05-07T16:46:48Z",
"published": "2021-05-10T15:18:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29262"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/SOLR-15249"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r1171f6417eeb6d5e1206d53e2b2ff2d6ee14026f8b595ef7d8a33b79@%3Coak-issues.jackrabbit.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r1e92a2eff6c47a65c4a6e95e809a9707181de76f8062403a0bea1012@%3Coak-issues.jackrabbit.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r51b29ff62060b67bc9999ded5e252b36b09311fe5a02d27f6de3e4d3@%3Coak-issues.jackrabbit.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r536da4c4e4e406f7843461cc754a3d0a3fe575aa576e2b71a9cd57d0%40%3Cannounce.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7151081abab92a827a607205c4260b0a3d22280b52d15bc909177608@%3Coak-issues.jackrabbit.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8d35eeb9a470d2682b5bcf3be0b8942faa7e28f9ca5861c058d17fff@%3Coak-issues.jackrabbit.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9c4ce6903218c92ef2583070e64af5a69e483821c4b3016dc41e3c6f@%3Coak-issues.jackrabbit.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb6db683903174eaa44ec80cc118a38574319b0d4181f36b61ee6278f@%3Cdev.jackrabbit.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rbc680cbfd745f22d182158217428a296e8e398cde16f3f428fe4bddc@%3Coak-issues.jackrabbit.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd85f87e559ee27e9c69795e3ad93a77621895e0328ea3df41d711d72@%3Coak-commits.jackrabbit.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ref84e60192f4bdc3206b247f260513e8d4e71f3e200792f75386d07a@%3Cdev.jackrabbit.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210604-0009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper permission handling in Apache Solr"
}
GHSA-MXJH-5564-F256
Vulnerability from github – Published: 2026-03-27 06:31 – Updated: 2026-05-15 21:31A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security configurations.
{
"affected": [],
"aliases": [
"CVE-2026-4948"
],
"database_specific": {
"cwe_ids": [
"CWE-279"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-27T06:16:39Z",
"severity": "MODERATE"
},
"details": "A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security configurations.",
"id": "GHSA-mxjh-5564-f256",
"modified": "2026-05-15T21:31:30Z",
"published": "2026-03-27T06:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4948"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-4948"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452086"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00029.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PCG2-78C9-XJ3V
Vulnerability from github – Published: 2025-12-11 21:31 – Updated: 2025-12-11 21:31Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists.
{
"affected": [],
"aliases": [
"CVE-2025-13663"
],
"database_specific": {
"cwe_ids": [
"CWE-279"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-11T21:15:46Z",
"severity": "MODERATE"
},
"details": "Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists.",
"id": "GHSA-pcg2-78c9-xj3v",
"modified": "2025-12-11T21:31:33Z",
"published": "2025-12-11T21:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13663"
},
{
"type": "WEB",
"url": "https://www.altera.com/security/security-advisory/asa-0001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PH64-GWHP-Q7M9
Vulnerability from github – Published: 2025-02-13 00:33 – Updated: 2025-02-13 00:33Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access.
{
"affected": [],
"aliases": [
"CVE-2024-39286"
],
"database_specific": {
"cwe_ids": [
"CWE-279"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-12T22:15:36Z",
"severity": "LOW"
},
"details": "Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access.",
"id": "GHSA-ph64-gwhp-q7m9",
"modified": "2025-02-13T00:33:06Z",
"published": "2025-02-13T00:33:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39286"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01236.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.