logo

CWE-708 - Incorrect Ownership Assignment

CWE-708

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Incomplete
Weakness Name

Incorrect Ownership Assignment

Description

The product assigns an owner to a resource, but the owner is outside of the intended control sphere.

This may allow the resource to be manipulated by actors outside of the intended control sphere.

Common Consequences

Scope: Confidentiality, Integrity

Impact: Read Application Data, Modify Application Data

Notes: An attacker could read and modify data for which they do not have permissions to access directly.

Related Weaknesses
  • Release Date:
  • 2008-09-09
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website