
CWE-282 (Improper Ownership Management) — Vulnerability Class 27

27 vulnerabilities classified as CWE-282 (Improper Ownership Management). AI-generated Chinese analysis included.

CWE-282 covers software that fails to correctly assign, or to verify, the ownership of system objects or resources. When ownership is wrong or goes unchecked, an attacker can take control of files, processes, or memory structures that should belong to someone else, which commonly leads to privilege escalation or data tampering. By manipulating ownership attributes, an adversary can bypass access controls, run code with elevated permissions, or disrupt system integrity. To mitigate the risk, developers must enforce ownership checks whenever a resource is created or modified, apply the principle of least privilege, keep each ownership check atomic with the operation it guards, and rely on robust identity management frameworks. Regular code audits and automated static analysis help find these weaknesses early, so that only authorized entities can change who owns a resource.

MITRE CWE Description
The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.
Common Consequences (1)
Access Control: Gain Privileges or Assume Identity
Mitigations (1)
Architecture and Design, Operation: Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Examples (1)
This function is part of a privileged program that takes input from users with potentially lower privileges.

Bad · Python

```python
import os
import signal

def killProcess(processID):
    # No ownership check: the privileged program kills whatever pid the
    # lower-privileged caller names, which is the CWE-282 flaw.
    os.kill(processID, signal.SIGKILL)
```

Good · Python

```python
import os
import signal

# getCurrentUser() and getProcessOwner() are helpers assumed by the MITRE
# example; they are not defined in it.
def killProcess(processID):
    user = getCurrentUser()
    # Check process owner against requesting user
    if getProcessOwner(processID) == user:
        os.kill(processID, signal.SIGKILL)
        return
    else:
        print("You cannot kill a process you don't own")
        return
```
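As an added example (not MITRE's code), the following makes the two helpers the "Good" version assumes concrete for Linux, by reading the owning uid of /proc/<pid>, and records the check-then-kill race that the "Good" version still leaves open. The function names process_owner_uid, may_signal and kill_process are my own, and the block assumes a Linux /proc filesystem.

```python
import os
import signal
from typing import Optional

# Added example, not MITRE's code. Linux-specific: the kernel makes /proc/<pid>
# owned by the process's uid, so a privileged program gets an ownership lookup
# that does not trust anything the lower-privileged caller supplies.


def process_owner_uid(pid: int) -> Optional[int]:
    """Return the uid owning process `pid`, or None if no such process exists."""
    try:
        return os.stat(f"/proc/{pid}").st_uid
    except FileNotFoundError:
        return None


def may_signal(pid: int, requester_uid: int) -> bool:
    """Ownership check: True only when the requester owns an existing process.
    uid 0 is deliberately not special-cased: the privileged program acts on the
    caller's behalf, so the caller's ownership is what matters."""
    owner = process_owner_uid(pid)
    return owner is not None and owner == requester_uid


def kill_process(pid: int, requester_uid: int) -> bool:
    """Kill `pid` only if `requester_uid` owns it; True if SIGKILL was sent."""
    if not may_signal(pid, requester_uid):
        return False
    # Caveat the MITRE "Good" example leaves open: the check and the kill are
    # not atomic. If the target exits and its pid is reused by another user's
    # process in between, the wrong process is killed. On Linux 5.1+ a pid file
    # descriptor (os.pidfd_open + signal.pidfd_send_signal) pins the identity.
    os.kill(pid, signal.SIGKILL)
    return True


def own_pid() -> int:
    return os.getpid()


def own_uid() -> int:
    return os.getuid()
```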
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40214 | OpenStack Cyborg <16.0.1 unauthorized deletion vulnerability | Cyborg | 6.3 | Medium | 2026-05-07 |
| CVE-2026-3867 | Moxa EDR-8010 Series and Moxa EDR-G9010 Series security vulnerability | EDR-8010 Series | 5.3 | Medium | 2026-04-27 |
| CVE-2026-23514 | Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management | core | 8.8 | High | 2026-03-25 |
| CVE-2025-57732 | JetBrains TeamCity security vulnerability | TeamCity | 7.5 | High | 2025-08-20 |
| CVE-2025-1112 | IBM OpenPages with Watson information disclosure | OpenPages with Watson | 4.3 | Medium | 2025-07-09 |
| CVE-2025-46416 | Nix, lix and GNU Guix security vulnerability | Nix | 2.9 | Low | 2025-06-27 |
| CVE-2025-3629 | IBM InfoSphere Information Server file manipulation | InfoSphere Information Server | 4.3 | Medium | 2025-06-21 |
| CVE-2025-32946 | PeerTube Arbitrary Playlist Creation via ActivityPub Protocol | | 5.3 | Medium | 2025-04-15 |
| CVE-2025-32945 | PeerTube Arbitrary Playlist Creation via REST API | | 4.3 | Medium | 2025-04-15 |
| CVE-2025-27254 | GE Vernova EnerVista UR authorization issue vulnerability | EnerVista UR Setup | 8.0 | High | 2025-03-10 |
| CVE-2024-13249 | Node Access Rebuild Progressive - Less critical - Access bypass - SA-CONTRIB-2024-013 | Node Access Rebuild Progressive | 8.1 | - | 2025-01-09 |
| CVE-2024-13246 | Node Access Rebuild Progressive - Less critical - Access bypass - SA-CONTRIB-2024-010 | Node Access Rebuild Progressive | 8.1 | - | 2025-01-09 |
| CVE-2024-43176 | IBM OpenPages information disclosure | OpenPages | 5.4 | Medium | 2025-01-09 |
| CVE-2024-47816 | Users can impersonate import requesters if their actor IDs coincide in ImportDump | ImportDump | 6.4 | Medium | 2024-10-09 |
| CVE-2024-39755 | Veertu Anka Build security vulnerability | Anka Build | 7.8 | High | 2024-10-03 |
| CVE-2024-8949 | SourceCodester Online Eyewear Shop Cart Content Master.php improper ownership management | Online Eyewear Shop | 6.3 | Medium | 2024-09-17 |
| CVE-2024-45104 | Lenovo XClarity Administrator security vulnerability | XClarity Administrator | 6.3 | Medium | 2024-09-13 |
| CVE-2024-45103 | Lenovo XClarity Administrator security vulnerability | XClarity Administrator | 4.3 | Medium | 2024-09-13 |
| CVE-2024-37999 | Medicalis Workflow Orchestrator security vulnerability | Medicalis Workflow Orchestrator | 7.8 | High | 2024-07-08 |
| CVE-2024-3383 | PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE) | PAN-OS | 7.4 | High | 2024-04-10 |
| CVE-2023-7226 | meetyoucrop big-whale Admin Module all.api improper ownership management | big-whale | 6.3 | Medium | 2024-01-11 |
| CVE-2023-0989 | Improper Ownership Management in GitLab | GitLab | 4.3 | Medium | 2023-09-29 |
| CVE-2023-0386 | Linux kernel security vulnerability | Kernel | 7.8 | - | 2023-03-22 |
| CVE-2022-29187 | Bypass of safe.directory protections in Git | git | 7.8 | High | 2022-07-12 |
| CVE-2022-0026 | Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability | Cortex XDR Agent | 6.7 | Medium | 2022-05-11 |
| CVE-2020-10632 | ICSA-20-140-02 Emerson OpenEnterprise | OpenEnterprise SCADA Software | 8.8 | High | 2022-02-24 |
| CVE-2017-12189 | Red Hat JBoss Enterprise Application Platform security vulnerability | Red Hat JBoss Enterprise Application Platform | 7.8 | - | 2018-01-10 |

Vulnerabilities classified as CWE-282 (Improper Ownership Management) account for 27 CVEs. The CWE taxonomy describes the weakness only; review the individual CVEs for product-specific impact.