
CWE-653 Insufficient Compartmentalization: Vulnerability List (35)

A summary of the 35 CVE vulnerabilities associated with the CWE-653 (Insufficient Compartmentalization) weakness class, including AI-generated Chinese analysis.

CWE-653 covers vulnerabilities caused by a lack of proper isolation or compartmentalization: the product does not effectively isolate functionality, processes, or resources that require different privileges. Attackers commonly exploit this flaw by entering through a low-privilege component, crossing the missing boundary, and extending the damage to higher-privilege users or core resources. Developers should implement strict access control and privilege separation, ensuring strong boundaries between components so that low-privilege entities cannot reach high-privilege resources, which reduces overall security risk.

MITRE CWE Official Description
CWE: CWE-653 Improper Isolation or Compartmentalization. English: The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions. When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack may be able to extend the damage to higher-privileged users.
Common Consequences (1)
Scope: Access Control. Impact: Gain Privileges or Assume Identity; Bypass Protection Mechanism.
The exploitation of a weakness in low-privileged areas of the software can be leveraged to reach higher-privileged areas without having to overcome any additional obstacles.
Mitigations (1)
Phase: Architecture and Design. Break up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them.
Code Examples (2)
Single sign-on technology is intended to make it easier for users to access multiple resources or domains without having to authenticate each time. While this is highly convenient for the user and attempts to address problems with psychological acceptability, it also means that a compromise of a user's credentials can provide immediate access to all other resources or domains.
The traditional UNIX privilege model provides root with arbitrary access to all resources, but root is frequently the only user that has privileges. As a result, administrative tasks require root privileges, even if those tasks are limited to a small area, such as updating user manpages. Some UNIX flavors have a "bin" user that is the owner of system executables, but since root relies on executabl…
CVE ID          | Title                                                             | CVSS | Risk Level | Published
CVE-2024-49373  | No Fuss Computing Centurion ERP security vulnerability (centurion_erp) | 4.1  | Medium     | 2024-10-22
CVE-2024-8118   | Grafana security vulnerability (Grafana) [AI analysis]            | 4.3  | Medium     | 2024-09-26
CVE-2024-20285  | Cisco NX-OS Software security vulnerability (Cisco NX-OS Software) | 5.3  | Medium     | 2024-08-28
CVE-2023-1636   | barbican security vulnerability (openstack-barbican)              | 6.0  | Medium     | 2023-09-24
CVE-2023-1305   | InsightCloudSec security vulnerability (InsightCloudSec)          | 8.1  | -          | 2023-03-21

CWE-653 (Insufficient Compartmentalization) is a common weakness class; this platform has collected 35 CVE vulnerabilities associated with it.