Weaknesses in this category occur with improper handling, assignment, or management of privileges. A privilege is a property of an agent, such as a user. It lets the agent do things that are not ordinarily allowed. For example, there are privileges which allow an agent to perform maintenance functions such as restart a computer.
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | V | 699 | Software Development |
| HasMember | Allowed | V | 243 | Creation of chroot Jail Without Changing Working Directory |
| HasMember | Allowed | B | 250 | Execution with Unnecessary Privileges |
| HasMember | Allowed | B | 266 | Incorrect Privilege Assignment |
| HasMember | Allowed | B | 267 | Privilege Defined With Unsafe Actions |
| HasMember | Allowed | B | 268 | Privilege Chaining |
| HasMember | Allowed | B | 270 | Privilege Context Switching Error |
| HasMember | Allowed | B | 272 | Least Privilege Violation |
| HasMember | Allowed | B | 273 | Improper Check for Dropped Privileges |
| HasMember | Discouraged | B | 274 | Improper Handling of Insufficient Privileges |
| HasMember | Allowed | B | 280 | Improper Handling of Insufficient Permissions or Privileges |
| HasMember | Allowed | B | 501 | Trust Boundary Violation |
| HasMember | Allowed | V | 580 | clone() Method Without super.clone() |
| HasMember | Allowed | B | 648 | Incorrect Use of Privileged APIs |
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
See member weaknesses of this category.
This can strongly overlap authorization errors.
N/A
A sandbox could be regarded as an explicitly defined sphere of control, in that the sandbox only defines a limited set of behaviors, which can only access a limited set of resources.
N/A
It could be argued that any privilege problem occurs within the context of a sandbox.
N/A
Many of the following concepts require deeper study. Most privilege problems are not classified at such a low level of detail, and terminology is very sparse. Certain classes of software, such as web browsers and software bug trackers, provide a rich set of examples for further research. Operating systems have matured to the point that these kinds of weaknesses are rare, but finer-grained models for privileges, capabilities, or roles might introduce subtler issues.
N/A
| Taxonomy Name | Entry ID | Fit | Entry Name |
|---|---|---|---|
| PLOVER | N/A | N/A | Privilege / sandbox errors |