CWE-272 - Least Privilege Violation
CWE-272
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Incomplete
- Weakness Name
Least Privilege Violation
- Description
The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
- Common Consequences
Scope: Access Control, Confidentiality
Impact: Gain Privileges or Assume Identity, Read Application Data, Read Files or Directories
Notes: An attacker may be able to access resources with the elevated privilege that could not be accessed with the attacker's original privileges. This is particularly likely in conjunction with another flaw, such as a buffer overflow.
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2023-06-29
Free security scan for your website