CWE CATEGORY: Permission Issues
Category ID: 275
Vulnerability Mapping: Prohibited
Status: Draft
▼Summary

Weaknesses in this category are related to improper assignment or handling of permissions.

▼Membership
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | View | 699 | Software Development |
| HasMember | Allowed | Base | 276 | Incorrect Default Permissions |
| HasMember | Allowed | Variant | 277 | Insecure Inherited Permissions |
| HasMember | Allowed | Variant | 278 | Insecure Preserved Inherited Permissions |
| HasMember | Allowed | Variant | 279 | Incorrect Execution-Assigned Permissions |
| HasMember | Allowed | Base | 280 | Improper Handling of Insufficient Permissions or Privileges |
| HasMember | Allowed | Base | 281 | Improper Preservation of Permissions |
| HasMember | Allowed | Variant | 618 | Exposed Unsafe ActiveX Method |
| HasMember | Allowed | Base | 766 | Critical Data Element Declared Public |
| HasMember | Allowed | Base | 767 | Access to Critical Private Variable via Public Method |
▼Vulnerability Mapping Notes
Usage: Prohibited
Reason:
Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comments:

Consider mapping to weaknesses that are members of this Category.

▼Notes
Terminology

Permissions are associated with a resource and specify which actors are allowed to access that resource and what they are allowed to do with that access (e.g., read it, modify it). Privileges are associated with an actor and define which behaviors or actions an actor is allowed to perform.

▼Taxonomy Mappings
| Taxonomy Name | Entry ID | Fit | Entry Name |
|---|---|---|---|
| PLOVER | N/A | N/A | Permission errors |
| OWASP Top Ten 2004 | A2 | CWE More Specific | Broken Access Control |
| OWASP Top Ten 2004 | A10 | CWE More Specific | Insecure Configuration Management |
▼References
Reference ID: REF-44
Title: 24 Deadly Sins of Software Security
Version: v4.15
Author: Michael Howard, David LeBlanc, John Viega
Publication: McGraw-Hill
Year: 2010