
CWE-279 (Incorrect Execution-Assigned Permissions) — Vulnerability Class 15

15 vulnerabilities classified as CWE-279 (Incorrect Execution-Assigned Permissions). AI-generated Chinese-language analysis included.

CWE-279 is narrower than the general "incorrect permission assignment" family: the product is already running and, while it runs, sets the permissions of some object (a file, directory, socket, IPC method, API token) more loosely than the user or administrator specified. Typical causes are a hard-coded permissive mode such as 0777 applied after an object is created, a daemon that inherits a permissive umask and never tightens it, a privileged helper that "fixes" permissions so an unprivileged component can reach a directory, and a state-changing setter exposed over IPC or an API without the authorization check its read-only counterpart has. Because the object ends up writable or executable by principals it should not be, a local or authenticated attacker can plant or modify content that a privileged process later consumes, which is why many of the CVEs below are local privilege escalations. The fix is to state the intended mode explicitly at creation time (for example O_CREAT with 0600 under a restrictive umask, rather than creating and then widening), to apply the same authorization check to every path that changes state, and to verify the resulting ownership and mode before the object is trusted; periodic audits of runtime directories and of setter-style interfaces catch the cases that slip through.
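As an added example that is not part of this page or of any project listed below, the following Python script shows the pattern in both forms: a daemon that creates its runtime state directory and then widens it to 0777 (the execution-assigned permission the CWE describes) next to a version that states an owner-only mode at creation, neutralises an inherited permissive umask, and verifies the result. The directory names, the audit helper and the forbidden-bit mask are assumptions made for this example; it targets POSIX systems.

```python
"""Added example (not from the page or from any of the listed projects).

CWE-279 in miniature: a daemon creating its runtime state directory.
create_state_dir_vulnerable() loosens the mode after creation, overriding
whatever the administrator's umask intended. create_state_dir_hardened()
states the mode explicitly, is immune to an inherited permissive umask,
and refuses to proceed if the result is not owner-only.
The audit helper and the forbidden-bit mask are assumptions for the example.
"""

import os
import stat
import tempfile
from typing import List, Optional

# Bits that must never be set on a directory holding privileged daemon state:
# group-write plus any access at all for "other".  (Assumed policy.)
FORBIDDEN_BITS = stat.S_IWGRP | stat.S_IWOTH | stat.S_IRWXO


def create_state_dir_vulnerable(path: str) -> None:
    """Vulnerable: create, then widen at runtime "so that everything works".

    chmod is not subject to the umask, so the directory ends up 0777 no matter
    what the administrator configured: the CWE-279 pattern."""
    os.makedirs(path, exist_ok=True)
    os.chmod(path, 0o777)  # execution-assigned permission, far wider than intended


def audit_dir(path: str, expected_uid: Optional[int] = None) -> List[str]:
    """Audit helper (assumption, not a project API): every way the directory
    deviates from 'a real directory, owned by us, with no forbidden bits'."""
    st = os.lstat(path)  # lstat: a symlink planted here must not be followed
    findings: List[str] = []
    if stat.S_ISLNK(st.st_mode):
        findings.append("is a symlink")
    elif not stat.S_ISDIR(st.st_mode):
        findings.append("is not a directory")
    uid = os.getuid() if expected_uid is None else expected_uid
    if st.st_uid != uid:
        findings.append(f"owned by uid {st.st_uid}, expected {uid}")
    mode = stat.S_IMODE(st.st_mode)
    bad = mode & FORBIDDEN_BITS
    if bad:
        findings.append(f"forbidden permission bits {bad:04o} set (mode {mode:04o})")
    return findings


def create_state_dir_hardened(path: str) -> None:
    """Hardened: explicit owner-only mode at creation, umask tightened for the
    duration of the call, then verified before the directory is trusted.

    os.mkdir (not makedirs with exist_ok) raises if the path already exists,
    so a directory pre-planted by another local user is never silently adopted."""
    old_umask = os.umask(0o077)  # an inherited 000 umask cannot widen 0o700
    try:
        os.mkdir(path, 0o700)
    finally:
        os.umask(old_umask)
    findings = audit_dir(path)
    if findings:
        raise PermissionError(f"{path}: {'; '.join(findings)}")


def demo() -> dict:
    """Run both variants in a throwaway directory and return the audit results."""
    base = tempfile.mkdtemp(prefix="cwe279-")  # mkdtemp itself uses 0o700
    vuln = os.path.join(base, "vulnerable-state")
    hard = os.path.join(base, "hardened-state")
    create_state_dir_vulnerable(vuln)
    create_state_dir_hardened(hard)
    return {"vulnerable": audit_dir(vuln), "hardened": audit_dir(hard)}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: {findings or 'OK'}")
```

The vulnerable variant reports forbidden bits 0027 (group-write plus all "other" access) even though the process never asked for them explicitly through the umask; the hardened variant reports nothing. Re-running audit_dir() at start-up, rather than only at creation, is what turns the check into an ongoing control.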

MITRE CWE Description
While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.
Common Consequences (1)
Confidentiality, Integrity: Read Application Data, Modify Application Data
Mitigations (2)
Architecture and Design, Operation: Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Architecture and Design: Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-4948 | Firewalld: firewalld: local unprivileged user can modify firewall state due to D-Bus setter mis-authorization | Red Hat Enterprise Linux 10 | 5.5 | Medium | 2026-03-27
CVE-2026-20062 | Cisco Secure Firewall Adaptive Security Appliance security vulnerability | Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 7.2 | High | 2026-03-04
CVE-2025-12801 | Nfs-utils: rpc.mountd in the nfs-utils privilege escalation | Red Hat Enterprise Linux 10 | 6.5 | Medium | 2026-03-04
CVE-2025-14025 | Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (PAT) bypasses write restrictions | Red Hat Ansible Automation Platform 2.5 for RHEL 8 | 8.5 | High | 2026-01-08
CVE-2025-36228 | Incorrect Execution-Assigned Permissions in IBM Aspera Faspex | Aspera Faspex 5 | 3.8 | Low | 2025-12-26
CVE-2025-13663 | Quartus Prime Pro Edition Installer Advisory | Quartus Prime Pro | 6.7 | Medium | 2025-12-11
CVE-2024-25621 | containerd affected by a local privilege escalation via wide permissions on CRI directory | containerd | 7.3 | High | 2025-11-06
CVE-2025-30001 | Apache StreamPark: Authenticated users can trigger remote command execution | Apache StreamPark | 8.1 (AI) | High (AI) | 2025-10-10
CVE-2025-23263 | NVIDIA DOCA-Host and NVIDIA Mellanox OFED security vulnerability | DOCA-Host and Mellanox OFED | 7.6 | High | 2025-07-17
CVE-2024-11220 | Open Automation Software Incorrect Execution-Assigned Permissions | Open Automation Software | 7.8 | High | 2024-12-06
CVE-2023-4665 | Privilege Escalation in Saphira Connect | Saphira Connect | 8.8 | High | 2023-09-15
CVE-2023-3915 | Incorrect Execution-Assigned Permissions in GitLab | GitLab | 6.5 | Medium | 2023-09-01
CVE-2023-4383 | MicroWorld eScan Anti-Virus runasroot incorrect execution-assigned permissions | eScan Anti-Virus | 7.8 | High | 2023-08-16
CVE-2020-8025 | outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues | SUSE Linux Enterprise Server 12-SP4 | 6.1 | Medium | 2020-08-07
CVE-2017-8441 | Elastic X-Pack Security permission and access control vulnerability | X-Pack Security | 4.3 | - | 2017-06-05

Values marked (AI) come from the site's AI analysis rather than from the published CVE record; "-" means the record carries no severity rating.

Vulnerabilities classified as CWE-279 (Incorrect Execution-Assigned Permissions) account for 15 CVEs on this page. The CWE taxonomy describes the weakness class; review the individual CVEs for product-specific impact, since the same weakness ranges here from a world-writable runtime directory to an unauthorized IPC setter and a token whose read-only scope was not enforced.