Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CWE-276 (缺省权限不正确) — Vulnerability Class 464

464 vulnerabilities classified as CWE-276 (缺省权限不正确). AI Chinese analysis included.

CWE-276 represents a critical configuration weakness where software installation processes assign overly permissive access rights to files, often granting read, write, and execute privileges to all users. This flaw typically allows malicious actors to modify or replace critical application binaries, configuration files, or scripts without authentication. By altering these unprotected resources, attackers can inject malicious code, escalate privileges, or compromise system integrity, effectively bypassing security controls that rely on file integrity. To mitigate this risk, developers must adhere to the principle of least privilege during deployment. This involves explicitly setting restrictive permissions, such as read-only access for general users and write access only for administrators. Automated installation scripts should verify and enforce these secure defaults, ensuring that sensitive files remain immutable to unauthorized entities and preserving the overall security posture of the deployed environment.

MITRE CWE Description
During installation, installed file permissions are set to allow anyone to modify those files.
Common Consequences (1)
Confidentiality, IntegrityRead Application Data, Modify Application Data
Mitigations (2)
Architecture and Design, OperationThe architecture needs to access and modification attributes for files to only those users who actually require those actions.
Architecture and DesignCompartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
CVE IDTitleCVSSSeverityPublished
CVE-2023-31358 AMD Manageability API 安全漏洞 — AIM-T Manageability API 7.3 High2025-05-13
CVE-2024-36339 AMD Optimizing CPU Libraries 安全漏洞 — AMD Optimizing CPU Libraries (AOCL) 7.3 High2025-05-13
CVE-2024-21960 AMD Optimizing CPU Libraries 安全漏洞 — AMD Optimizing CPU Libraries (AOCL) 7.3 High2025-05-13
CVE-2025-3528 Mirror-registry: local privilege escalation due to incorrect permissions in mirror-registry 8.2 High2025-05-09
CVE-2025-43595 MSP360 Backup (for Linux) insecure filesystem permissions — Backup 7.8 High2025-05-01
CVE-2025-42598 SEIKO EPSON printer drivers 安全漏洞 — SEIKO EPSON printer drivers for Windows OS 7.8 High2025-04-28
CVE-2025-24914 Local Priviledge Escalation — Nessus 7.8 High2025-04-18
CVE-2025-23386 gerbera: Privilege escalation from user gerbera to root because of insecure %post script — openSUSE Tumbleweed 7.8 High2025-04-10
CVE-2025-29801 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability — Microsoft AutoUpdate for Mac 7.8 High2025-04-08
CVE-2025-0014 AMD Ryzen AI 安全漏洞 — AMD Ryzen™ AI Software 7.3 High2025-04-02
CVE-2025-2782 WatchGuard Terminal Services Agent Local Privilege Escalation via Non-Standard Installation Directory — Terminal Services Agent 7.8 -2025-03-28
CVE-2025-2781 WatchGuard Mobile VPN with SSL Local Privilege Escalation via Non-Standard Installation Directory — Mobile VPN with SSL Client 7.8 -2025-03-28
CVE-2025-27612 Libcontainer is affected by capabilities elevation — youki 5.9 Medium2025-03-21
CVE-2025-24915 Tenable Nessus Agent 安全漏洞 — Nessus Agent 7.8 High2025-03-21
CVE-2024-0245 Task Hijacking in hamza417/inure — hamza417/inure 5.5 -2025-03-20
CVE-2025-27926 Nintex Automation 安全漏洞 — Automation 4.3 Medium2025-03-10
CVE-2025-22447 RSUPPORT RemoteView Agent 安全漏洞 — RemoteView Agent (for Windows) 7.8 -2025-03-06
CVE-2025-24864 RSUPPORT RemoteView Agent 安全漏洞 — RemoteView Agent (for Windows) 7.8 -2025-03-06
CVE-2024-58050 Huawei HarmonyOS 安全漏洞 — HarmonyOS 6.2 Medium2025-03-04
CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions — spotipy 8.8 -2025-02-27
CVE-2025-21106 Dell RecoverPoint for Virtual Machines 安全漏洞 — RecoverPoint for VMs 5.5 Medium2025-02-20
CVE-2023-31360 AMD Integrated Management Technology 安全漏洞 — AIM-T(AMD Integrated Management Technology) software 7.3 High2025-02-11
CVE-2025-24795 The Snowflake Connector for Python uses insecure cache files permissions — snowflake-connector-python 4.4 Medium2025-01-29
CVE-2025-24788 Snowflake Connector for .NET has weak temporary files permissions — snowflake-connector-net 5.0 Medium2025-01-29
CVE-2025-24790 Snowflake JDBC uses insecure temporary credential cache file permissions — snowflake-jdbc 4.4 Medium2025-01-29
CVE-2025-0797 MicroWorld eScan Antivirus Quarantine Microworld default permission — eScan Antivirus 3.3 Low2025-01-29
CVE-2025-24826 Acronis Snap Deploy 安全漏洞 — Acronis Snap Deploy 7.8 -2025-01-28
CVE-2025-0543 G DATA Security Client Local privilege escalation — G DATA Security Client 7.8 High2025-01-25
CVE-2025-0542 G DATA Management Server Local privilege escalation — G DATA Management Server 7.8 High2025-01-25
CVE-2024-55930 Weak default folder permissions — Xerox Workplace Suite 6.7 Medium2025-01-23

Vulnerabilities classified as CWE-276 (缺省权限不正确) represent 464 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.