CWE-708 - Incorrect Ownership Assignment

CWE-708

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: Incorrect Ownership Assignment

Description: The product assigns an owner to a resource, but the owner is outside of the intended control sphere.
This may allow the resource to be manipulated by actors outside of the intended control sphere.

Common Consequences: Scope: Confidentiality, Integrity
Impact: Read Application Data, Modify Application Data
Notes: An attacker could read and modify data for which they do not have permissions to access directly.

Related Weaknesses

CWE-345Insufficient Verification of Data Authenticity

CWE-282Improper Ownership Management

Release Date:
2008-09-09

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard