
CWE-272 Least Privilege Violation: vulnerability list (20)

A summary of 20 CVE vulnerabilities in the CWE-272 Least Privilege Violation weakness class, with AI-generated analysis in Chinese.

CWE-272 is a privilege-management defect: after performing an operation that requires elevated privileges (such as chroot), the program fails to drop those privileges promptly. An attacker can take advantage of the window in which privileges remain elevated to run malicious code or access sensitive resources, escalating privileges and taking control of the system. Developers should avoid holding elevated privileges for longer than necessary, restore the minimum required privileges as soon as the privileged operation completes, and strictly follow the principle of least privilege to reduce the attack surface.

MITRE CWE official description
CWE: CWE-272 Least Privilege Violation. English: The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
Common consequences (1)
Scope: Access Control, Confidentiality. Impact: Gain Privileges or Assume Identity; Read Application Data; Read Files or Directories.
An attacker may be able to access resources with the elevated privilege that could not be accessed with the attacker's original privileges. This is particularly likely in conjunction with another flaw, such as a buffer overflow.
Mitigations (3)
Phase: Architecture and Design, Operation. Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Phase: Architecture and Design. Follow the principle of least privilege when assigning access rights to entities in a software system.
Phase: Architecture and Design. Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Code examples (2)
The following example demonstrates the weakness.

    #include <sys/types.h>
    #include <unistd.h>

    /* Bad (MITRE CWE-272 example): root privilege is acquired and held across
       a whole block of work, and neither the raise nor the drop is checked. */
    void do_work(void)
    {
        uid_t old_uid = getuid();   /* uid of the unprivileged caller */
        setuid(0);
        // Do some important stuff
        setuid(old_uid);
        // Do some non privileged stuff.
    }

Bad · C
The following example demonstrates the weakness.

    import java.security.AccessController;
    import java.security.PrivilegedAction;

    // Bad (MITRE CWE-272 example): the privileged block runs with elevated
    // permissions; everything inside it executes at that level.
    AccessController.doPrivileged(new PrivilegedAction() {
        public Object run() {
            // privileged code goes here, for example:
            System.loadLibrary("awt");
            return null; // nothing to return
        }
    });

Bad · Java
CVE ID | Title | CVSS | Risk level | Published
CVE-2026-32655 | Dell Alienware Command Center security vulnerability — Alienware Command Center (AWCC) | 5.3 | Medium | 2026-04-27
CVE-2025-9711 | Broadcom Brocade Fabric OS security vulnerability — Fabric OS | 8.4 (AI) | High (AI) | 2026-02-03
CVE-2025-59106 | Dormakaba Access Manager security vulnerability — Access Manager 92xx-k7 | 8.4 (AI) | High (AI) | 2026-01-26
CVE-2026-23634 | Pepr security vulnerability — pepr | - | - | 2026-01-16
CVE-2025-68267 | JetBrains TeamCity security vulnerability — TeamCity | 6.5 | Medium | 2025-12-16
CVE-2025-8758 | TRENDnet TEW-822DRE security vulnerability — TEW-822DRE | 7.0 | High | 2025-08-09
CVE-2025-8757 | TRENDnet TV-IP110WN security vulnerability — TV-IP110WN | 7.0 | High | 2025-08-09
CVE-2025-8181 | TOTOLINK N600R and TOTOLINK X2000R security vulnerability — N600R | 7.2 | High | 2025-07-26
CVE-2025-7722 | WordPress plugin Social Streams security vulnerability — Social Streams | 8.8 | High | 2025-07-23
CVE-2025-1384 | Omron Sysmac Studio and Omron NJ/NX-series Machine Automation Controllers security vulnerability — Machine Automation Controller NJ-series | 7.0 | High | 2025-07-13
CVE-2025-49144 | Notepad++ security vulnerability — notepad-plus-plus | 7.3 | High | 2025-06-23
CVE-2025-47809 | Wibu CodeMeter security vulnerability — CodeMeter | 8.2 | High | 2025-05-16
CVE-2024-28829 | Checkmk security vulnerability — Checkmk | 7.8 (AI) | High (AI) | 2024-08-20
CVE-2024-27165 | Toshiba e-STUDIO security vulnerability — Toshiba Tec e-Studio multi-function peripheral (MFP) | 7.8 | High | 2024-06-14
CVE-2024-28824 | Checkmk security vulnerability — Checkmk | 8.8 | High | 2024-03-22
CVE-2024-0638 | Checkmk security vulnerability — Checkmk | 8.2 | High | 2024-03-22
CVE-2024-0798 | AnythingLLM security vulnerability — mintplex-labs/anything-llm | 4.9 | - | 2024-02-25
CVE-2023-32451 | Dell Display Manager security vulnerability — Dell Display Manager | 7.3 | High | 2024-02-06
CVE-2023-28047 | Dell Display Manager security vulnerability — Dell Display Manager | 7.3 | High | 2023-04-20
CVE-2023-28046 | Dell Display Manager security vulnerability — Dell Display Manager | 6.6 | Medium | 2023-04-06

CWE-272 (Least Privilege Violation) is a common weakness category; this platform has collected 20 CVE vulnerabilities associated with it.