CWE-266 - Incorrect Privilege Assignment

CWE ID:

CWE-266

Abstraction:Base
Structure:Simple
Status:Draft

Release Date:2006-07-19
Latest Modification Date:2023-06-29

Weakness Name

Incorrect Privilege Assignment

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Common Consequences

Scope: Access Control

Impact: Gain Privileges or Assume Identity

Notes: A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts.

Related Weaknesses

CWE-269Improper Privilege ManagementMedium

CWE-286Incorrect User Management

Latest Security News

Top CVE List

Top Alert List

CSP
Content Security Policy (CSP) Header Not Set
MediumAbsence of Anti-CSRF Tokens
MediumMissing Anti-clickjacking Header
InformationalInformation Disclosure - Suspicious Comments
LowCross-Domain JavaScript Source File Inclusion
MediumContent Security Policy (CSP) Header Not Set
LowTimestamp Disclosure - Unix
LowCSP: X-Content-Security-Policy
InformationalRe-examine Cache-control Directives

Top CWE List