CWE-276 - Incorrect Default Permissions

Home/CWEs/CWE info/

CWE-276 Medium

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Incorrect Default Permissions

Description: During installation, installed file permissions are set to allow anyone to modify those files.

Common Consequences: Scope: Confidentiality, Integrity
Impact: Read Application Data, Modify Application Data

Related Weaknesses: CWE-732Incorrect Permission Assignment for Critical ResourceHigh

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Top Security News

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

Hackers now use AppDomain Injection to drop CobaltStrike beacons

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Download: CIS Critical Security Controls v8.1

Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

Common Alerts

HighSQL Injection

MediumApplication Error Disclosure via WebSockets

LowDangerous JS Functions

MediumCSP: style-src unsafe-hashes

LowPermissions Policy Header Not Set

LowStrict-Transport-Security Max-Age Malformed (Non-compliant with Spec)

InformationalCharset Mismatch

LowStrict-Transport-Security Missing Max-Age (Non-compliant with Spec)

InformationalVerification Request Identified

HighSource Code Disclosure - Git

Top CVE List

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2019-15949 Nagios XI Remote Code Execution Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

Common CWEs

CWE-1313 Hardware Allows Activation of Test or Debug Logic at Runtime

CWE-684 Incorrect Provision of Specified Functionality

CWE-828 Signal Handler with Functionality that is not Asynchronous-Safe

CWE-450 Multiple Interpretations of UI Input

CWE-1390 Weak Authentication

CWE-240 Improper Handling of Inconsistent Structural Elements

CWE-597 Use of Wrong Operator in String Comparison

CWE-690 Unchecked Return Value to NULL Pointer Dereference

CWE-140 Improper Neutralization of Delimiters

CWE-797 Only Filtering Special Elements at an Absolute Position

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.