
CWE-283 Unverified Ownership: vulnerability list (17)

Summary of the 17 CVEs associated with the CWE-283 Unverified Ownership weakness class, with AI-generated Chinese analysis.

CWE-283 is a missing-ownership-verification weakness: the system does not confirm that a critical resource is owned by the legitimate entity. Attackers typically exploit it by forging or hijacking resource ownership to bypass access control and perform unauthorized operations or tamper with data. To avoid it, developers should enforce a strict ownership check before any change to resource permissions or any sensitive operation, so that the resource's owner is confirmed to match the expected principal and the illegitimate access path is cut off.

MITRE CWE official description
CWE-283 Unverified Ownership: The product does not properly verify that a critical resource is owned by the proper entity.
Common consequences (1)
Scope: Access Control. Impact: Gain Privileges or Assume Identity. An attacker could gain unauthorized access to system resources.
Mitigations (2)
Phase: Architecture and Design, Operation. Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Phase: Architecture and Design. Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
Code example (1)
This function is part of a privileged program that takes input from users with potentially lower privileges. In the bad variant any caller can terminate any process the privileged program itself may signal; the good variant first checks that the requesting user owns the target process.

Bad · Python

    import os
    import signal

    def killProcess(processID):
        # No ownership check: the caller can kill any process this
        # privileged program can signal.
        os.kill(processID, signal.SIGKILL)

Good · Python

    import os
    import signal

    # getCurrentUser() and getProcessOwner() are helpers the MITRE example
    # leaves undefined; they must return comparable user identities.
    def killProcess(processID):
        user = getCurrentUser()
        # Check process owner against requesting user
        if getProcessOwner(processID) == user:
            os.kill(processID, signal.SIGKILL)
            return
        else:
            print("You cannot kill a process you don't own")
            return
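The MITRE snippet leaves getCurrentUser and getProcessOwner undefined and says nothing about pid values that kill(2) treats specially. The following is an added example, not MITRE's demonstrative code and not taken from any product listed on this page, that fills both gaps on Linux: it reads the real UID from /proc/<pid>/status, refuses pid <= 0 (which would signal a whole process group, or every process the caller may signal), and in a second variant pins the target with a pidfd so that a PID recycled between the ownership check and the kill cannot be hit. The helper names parse_status_uid, owner_uid, kill_owned_process, kill_owned_process_pidfd and run_demo are this example's own, and the process table inside run_demo is constructed.

```python
"""Ownership-checked process termination (added example, not MITRE's code).

Assumptions: Linux /proc layout for the default owner lookup; Python 3.9+
and Linux 5.3+ for the pidfd variant.  All helper names are hypothetical.
"""
import os
import signal


class NotProcessOwner(PermissionError):
    """Requester is not the owner of the target process."""


def parse_status_uid(status_text: str) -> int:
    """Return the real UID from the contents of /proc/<pid>/status.

    The 'Uid:' line carries four numbers: real, effective, saved and
    filesystem UID.  Ownership is decided on the real UID here.
    """
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            fields = line.split()
            if len(fields) != 5:
                raise ValueError(f"malformed Uid line: {line!r}")
            return int(fields[1])
    raise ValueError("no Uid line in status text")


def owner_uid(pid: int) -> int:
    """Default owner lookup: real UID of `pid` read from /proc (Linux only)."""
    with open(f"/proc/{pid}/status", encoding="ascii") as status:
        return parse_status_uid(status.read())


def kill_owned_process(pid: int, requester_uid: int, *,
                       owner_lookup=owner_uid, send_signal=os.kill,
                       sig: int = signal.SIGKILL) -> bool:
    """Send `sig` to `pid` only if `pid` is owned by `requester_uid`.

    `owner_lookup` and `send_signal` are injectable so the policy can be
    exercised without signalling real processes.
    """
    # kill(2) treats pid 0 as "my process group" and -1 as "every process I
    # may signal"; an ownership check on such a value is meaningless, so
    # accept only a single positive integer process id.
    if not isinstance(pid, int) or isinstance(pid, bool) or pid <= 0:
        raise ValueError(f"refusing non-positive or non-integer pid {pid!r}")
    try:
        owner = owner_lookup(pid)
    except FileNotFoundError:
        raise ProcessLookupError(f"no such process: {pid}") from None
    if owner != requester_uid:
        # Deny before touching the process; the error names only the requester.
        raise NotProcessOwner(f"pid {pid} is not owned by uid {requester_uid}")
    send_signal(pid, sig)
    return True


def kill_owned_process_pidfd(pid: int, requester_uid: int,
                             sig: int = signal.SIGKILL) -> bool:
    """Same policy, but the target is pinned with a pidfd first.

    Between the ownership check and the kill, `pid` could exit and be reused
    by another user's process.  A pidfd opened before the check refers to the
    original process only: if that process is gone, pidfd_send_signal fails
    with ProcessLookupError instead of killing the newcomer.
    """
    if not isinstance(pid, int) or isinstance(pid, bool) or pid <= 0:
        raise ValueError(f"refusing non-positive or non-integer pid {pid!r}")
    pidfd = os.pidfd_open(pid)  # raises ProcessLookupError if already gone
    try:
        if owner_uid(pid) != requester_uid:
            raise NotProcessOwner(f"pid {pid} is not owned by uid {requester_uid}")
        signal.pidfd_send_signal(pidfd, sig)
    finally:
        os.close(pidfd)
    return True


def run_demo() -> dict:
    """Exercise the policy against a constructed process table (no real kills)."""
    owners = {4242: 1000, 4243: 0}  # constructed: pid -> real UID
    sent = []

    def fake_owner(pid):
        if pid not in owners:
            raise FileNotFoundError(pid)
        return owners[pid]

    def fake_kill(pid, sig):
        sent.append((pid, int(sig)))

    results = {"own": kill_owned_process(4242, 1000, owner_lookup=fake_owner,
                                         send_signal=fake_kill)}
    for name, pid in (("root_owned", 4243), ("missing", 9999), ("all", -1)):
        try:
            kill_owned_process(pid, 1000, owner_lookup=fake_owner,
                               send_signal=fake_kill)
            results[name] = "killed"
        except (NotProcessOwner, ProcessLookupError, ValueError) as exc:
            results[name] = type(exc).__name__
    results["sent"] = sent
    return results


if __name__ == "__main__":
    print(run_demo())
```

Only the requester's own process (pid 4242) receives a signal; the root-owned, missing and wildcard pids are each rejected with a distinct exception. In a real privileged service the requester UID comes from the authenticated caller (for example SO_PEERCRED on a Unix socket), never from request data.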
CVE ID | Title | Affected product | CVSS | Risk level | Published
CVE-2026-40337 | Sentry kernel security vulnerability | sentry-kernel | 5.1 | Medium | 2026-04-17
CVE-2026-29788 | TSPortal security vulnerability | TSPortal | 6.5 | - | 2026-03-06
CVE-2026-27486 | OpenClaw security vulnerability | openclaw | 6.5 (AI) | Medium (AI) | 2026-02-21
CVE-2026-0598 | Red Hat Ansible Automation Platform 2 security vulnerability | Red Hat Ansible Automation Platform 2.6 | 4.2 | Medium | 2026-02-06
CVE-2025-12815 | Amazon Web Services Research and Engineering Studio security vulnerability | Research and Engineering Studio (RES) | 4.3 | Medium | 2025-11-06
CVE-2025-36091 | IBM Cloud Pak for Business Automation security vulnerability | Cloud Pak For Business Automation | 4.3 | Medium | 2025-11-03
CVE-2025-9822 | Mautic security vulnerability | Mautic | 5.5 | Medium | 2025-09-03
CVE-2025-43882 | Dell ThinOS 10 security vulnerability | ThinOS 10 | 7.8 | High | 2025-08-27
CVE-2025-47940 | TYPO3 security vulnerability | typo3 | 7.2 | High | 2025-05-20
CVE-2024-27903 | OpenVPN security vulnerability | OpenVPN 2 | 8.8 (AI) | High (AI) | 2024-07-08
CVE-2024-1853 | Zemana AntiLogger security vulnerability | AntiLogger | 5.5 | Medium | 2024-03-14
CVE-2023-6068 | Arista Networks MultiAccess FPGA security vulnerability | MOS | 3.1 | Low | 2024-03-04
CVE-2023-30544 | Kiwi TCMS security vulnerability | Kiwi | 3.9 | Low | 2023-04-24
CVE-2022-29220 | github-action-merge-dependabot data forgery vulnerability | github-action-merge-dependabot | 6.5 | Medium | 2022-05-31
CVE-2021-24501 | WordPress access control error vulnerability | Workreap | 6.5 | - | 2021-08-09
CVE-2021-24500 | WordPress cross-site request forgery vulnerability | Workreap | 8.1 | - | 2021-08-09
CVE-2020-8554 | Kubernetes security vulnerability | Kubernetes | 6.3 | Medium | 2021-01-21

Scores and risk levels marked "(AI)" carry an "AI" tag on the source page; "-" means no risk level is given there.

CWE-283 (Unverified Ownership) is a common weakness class; this platform lists the 17 CVE vulnerabilities associated with it.