
CWE-277 (Insecure Inherited Permissions) — Vulnerability Class 22

22 vulnerabilities classified as CWE-277 (Insecure Inherited Permissions). AI Chinese analysis included.

CWE-277 represents a critical access control weakness where a software application assigns overly permissive security attributes to newly created objects, such as files or directories, which are then inherited by child entities. Attackers typically exploit this flaw by creating a malicious file or directory that inherits these excessive privileges, allowing unauthorized users to read, modify, or execute sensitive data without proper authentication. This vulnerability often arises when developers rely on default system permissions rather than explicitly defining restrictive access controls during object creation. To mitigate this risk, developers must implement the principle of least privilege by explicitly setting secure, minimal permissions for all new resources. Additionally, utilizing secure coding practices that override default inheritance settings and regularly auditing file system permissions can prevent accidental exposure of sensitive information to untrusted actors.
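The following Python script is an added example (not code from the page or from any of the listed projects) that shows the two creation patterns the paragraph above contrasts on a POSIX filesystem, plus the audit check a defender would run afterwards. It assumes a Linux or macOS host; the directory names, the placeholder file content and the simulated permissive umask are all constructed for the demonstration.

```python
import os
import stat
import tempfile

# Constructed placeholder content; nothing sensitive is written.
SAMPLE = "token=example-placeholder\n"


def create_with_defaults(base):
    """Weak pattern: no mode is given, so the new directory and file start at
    0o777/0o666 and are narrowed only by whatever umask the process inherited."""
    d = os.path.join(base, "shared")
    os.mkdir(d)
    f = os.path.join(d, "config.ini")
    with open(f, "w") as fh:
        fh.write(SAMPLE)
    return {"dir": d, "file": f}


def create_least_privilege(base):
    """Hardened pattern: state the mode at creation time and re-assert it with
    chmod, because the mode passed to mkdir/open is still filtered by the umask."""
    d = os.path.join(base, "private")
    os.mkdir(d, mode=0o700)
    os.chmod(d, 0o700)
    f = os.path.join(d, "config.ini")
    # O_EXCL makes creation fail if a file already sits at that path instead of
    # silently reusing it (and its permissions).
    fd = os.open(f, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE)
    os.chmod(f, 0o600)
    return {"dir": d, "file": f}


def group_other_bits(path):
    """Permission bits granted to group and others; 0 means owner-only."""
    return stat.S_IMODE(os.lstat(path).st_mode) & 0o077


def audit_tree(root):
    """Return every path under root that grants any access to group or others,
    the check a periodic permissions audit would run."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = os.path.join(dirpath, name)
            if group_other_bits(p):
                findings.append(p)
    return sorted(findings)


def demo(umask_value=0o000):
    """Run both patterns under a deliberately permissive umask (simulating an
    inherited environment) and report what the audit flags."""
    base = tempfile.mkdtemp()  # mkdtemp creates the root itself with 0o700
    old = os.umask(umask_value)
    try:
        weak = create_with_defaults(base)
        safe = create_least_privilege(base)
    finally:
        os.umask(old)
    return {
        "weak_dir_bits": group_other_bits(weak["dir"]),
        "weak_file_bits": group_other_bits(weak["file"]),
        "safe_dir_bits": group_other_bits(safe["dir"]),
        "safe_file_bits": group_other_bits(safe["file"]),
        "flagged": [os.path.relpath(p, base) for p in audit_tree(base)],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {oct(value) if isinstance(value, int) else value}")
```

Under the simulated umask of 000 the default-mode directory comes out 0o777 and the file 0o666, so the audit flags both, while the explicitly created pair shows no group/other bits. The point of the `chmod` after `mkdir`/`open` is that a requested mode is only an upper bound; the umask can only remove bits, so re-asserting the mode is what makes the result independent of the inherited environment.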

MITRE CWE Description
A product defines a set of insecure permissions that are inherited by objects that are created by the program.
Common Consequences (1)
Scope: Confidentiality, Integrity. Impact: Read Application Data, Modify Application Data.
Mitigations (2)
Phase: Architecture and Design, Operation. Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Phase: Architecture and Design. Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
CVE ID | Title | CVSS | Severity | Published
CVE-2026-7891 | Mendix Studio Pro <= 11.8.0 Beta authorization misconfiguration leading to data leakage — VerySecureApp | - | - | 2026-05-07
CVE-2025-65111 | SpiceDB's LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results — spicedb | 5.4 | - | 2025-11-21
CVE-2025-64185 | Open OnDemand RPM packages create world writable locations — ondemand | - | - | 2025-11-20
CVE-2025-11554 | Portabilis i-Educar User Type AccessLevelController.php insecure inherited permissions — i-Educar | 6.3 | Medium | 2025-10-09
CVE-2025-9039 | Information Disclosure in Amazon ECS Container Agent — ECS | 4.3 | Medium | 2025-08-14
CVE-2025-36104 | IBM Storage Scale information disclosure — Storage Scale | 6.5 | Medium | 2025-07-12
CVE-2025-32797 | Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution — conda-build | 7.0 (AI) | High (AI) | 2025-06-16
CVE-2025-3473 | IBM Security Guardium privilege escalation — Security Guardium | 6.7 | Medium | 2025-06-11
CVE-2018-25111 | Django-Helpdesk security vulnerability — django-helpdesk | 5.1 | Medium | 2025-05-31
CVE-2025-31332 | Insecure File permissions vulnerability in SAP BusinessObjects Business Intelligence Platform — SAP BusinessObjects Business Intelligence Platform | 6.6 | Medium | 2025-04-08
CVE-2025-29982 | Dell Wyse Management Suite WMS security vulnerability — Wyse Management Suite | 6.8 | Medium | 2025-04-02
CVE-2024-51448 | IBM Robotic Process Automation privilege escalation — Robotic Process Automation | 6.7 | Medium | 2025-01-18
CVE-2024-45599 | TCC Bypass in Cursor's macOS Application — cursor | 3.8 | Low | 2024-09-24
CVE-2024-7143 | Pulpcore: rbac permissions incorrectly assigned in tasks that create objects | 8.1 | - | 2024-08-07
CVE-2023-29065 | Overly Permissive Access Policy — FACSChorus | 4.1 | Medium | 2023-11-28
CVE-2023-34391 | Insecure Inherited Permissions — SEL-5033 AcSELerator RTAC Software | 7.4 | High | 2023-08-31
CVE-2021-41170 | Evaluation of closures can lead to execution of methods & functions in current program scope — neoan3-template | 9.8 | Critical | 2021-11-08
CVE-2021-32725 | Default share permissions not respected for federated reshares — security-advisories | 3.5 | Low | 2021-07-12
CVE-2021-24032 | Zstandard security vulnerability — Zstandard | 5.5 | - | 2021-03-04
CVE-2021-24031 | Zstandard security vulnerability — Zstandard | 5.5 | - | 2021-03-04
CVE-2020-5343 | Dell OS recovery image for Windows security vulnerability — CPG SW | 7.3 | High | 2020-05-04
CVE-2019-5068 | X11 Mesa 3D Graphics Library security vulnerability — Mesa 3D X11 Graphics library | 5.1 | - | 2019-11-05
(Values marked "(AI)" are AI-estimated scores as shown on the original listing; "-" means no value was given.)

Vulnerabilities classified as CWE-277 (Insecure Inherited Permissions) represent 22 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.