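CWE-279 Incorrect Execution-Assigned Permissions: vulnerability list (15)

A summary of 15 CVEs in the CWE-279 Incorrect Execution-Assigned Permissions weakness class, with AI-generated analysis in Chinese.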

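CWE-279 is a permission-misconfiguration weakness: during execution, the program sets permissions on an object in a way that violates the security policy the user intended. Attackers typically exploit this flaw by triggering a specific execution path so that sensitive files or resources end up with excessive access permissions, which lets them steal data or perform unauthorized operations. Developers should avoid hard-coding permissions, strictly follow the principle of least privilege, and validate the permission-assignment logic dynamically at run time so that the final permissions match the user's intent.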

MITRE CWE official description
CWE: CWE-279 Incorrect Execution-Assigned Permissions
Description: While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.
Common consequences (1)
Confidentiality, Integrity: Read Application Data, Modify Application Data
Mitigations (2)
Architecture and Design, Operation: Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Architecture and Design: Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…

| CVE ID | Title | CVSS | Risk level | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-4948 | firewalld security vulnerability — Red Hat Enterprise Linux 10 | 5.5 | Medium | 2026-03-27 |
| CVE-2026-20062 | Cisco Secure Firewall Adaptive Security Appliance security vulnerability — Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 7.2 | High | 2026-03-04 |
| CVE-2025-12801 | Red Hat Enterprise Linux 10 security vulnerability — Red Hat Enterprise Linux 10 | 6.5 | Medium | 2026-03-04 |
| CVE-2025-14025 | Red Hat Ansible Automation Platform security vulnerability — Red Hat Ansible Automation Platform 2.5 for RHEL 8 | 8.5 | High | 2026-01-08 |
| CVE-2025-36228 | IBM Aspera Faspex security vulnerability — Aspera Faspex 5 | 3.8 | Low | 2025-12-26 |
| CVE-2025-13663 | Altera Quartus Prime Pro Edition Design Software security vulnerability — Quartus Prime Pro | 6.7 | Medium | 2025-12-11 |
| CVE-2024-25621 | containerd security vulnerability — containerd | 7.3 | High | 2025-11-06 |
| CVE-2025-30001 | Apache StreamPark security vulnerability — Apache StreamPark | 8.1 (AI) | High (AI) | 2025-10-10 |
| CVE-2025-23263 | NVIDIA DOCA-Host and NVIDIA Mellanox OFED security vulnerability — DOCA-Host and Mellanox OFED | 7.6 | High | 2025-07-17 |
| CVE-2024-11220 | Open Automation Software security vulnerability — Open Automation Software | 7.8 | High | 2024-12-06 |
| CVE-2023-4665 | Saphira Connect cross-site scripting vulnerability — Saphira Connect | 8.8 | High | 2023-09-15 |
| CVE-2023-3915 | GitLab security vulnerability — GitLab | 6.5 | Medium | 2023-09-01 |
| CVE-2023-4383 | MicroWorld Technologies eScan Anti-Virus security vulnerability — eScan Anti-Virus | 7.8 | High | 2023-08-16 |
| CVE-2020-8025 | openSUSE and SUSE Linux Enterprise Server permissions security vulnerability — SUSE Linux Enterprise Server 12-SP4 | 6.1 | Medium | 2020-08-07 |
| CVE-2017-8441 | Elastic X-Pack Security permissions and access control vulnerability — X-Pack Security | 4.3 | - | 2017-06-05 |

CWE-279 (Incorrect Execution-Assigned Permissions) is a common weakness category; this platform lists 15 CVEs associated with it.