CWE-689 - Permission Race Condition During Resource Copy
- Abstraction: Compound
- Structure: Composite
- Status: Draft
- Release Date: 2008-04-11
- Latest Modification Date: 2023-06-29
Weakness Name
Permission Race Condition During Resource Copy
Description
The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.
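The weak copy pattern next to a hardened one, as an added example that is not part of the CWE entry. It assumes a POSIX system; every function and class name is hypothetical, and the source data is constructed.

```python
import io
import os
import shutil
import stat
import tempfile

def copy_then_chmod(fin, dst, mode=0o600):
    # Weak pattern (CWE-689): open() creates dst as 0o666 & ~umask, and the
    # intended mode is applied only after all data has been written.
    with open(dst, "wb") as fout:
        shutil.copyfileobj(fin, fout)
    os.chmod(dst, mode)

def copy_restricted(fin, dst, mode=0o600):
    # Hardened: dst is created with its final mode before any data is written.
    # O_EXCL refuses a pre-existing file; O_NOFOLLOW refuses a symlink.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(dst, flags, mode)
    with os.fdopen(fd, "wb") as fout:
        os.fchmod(fout.fileno(), mode)  # exact mode, independent of umask
        shutil.copyfileobj(fin, fout)

class ProbeReader(io.BytesIO):
    """Constructed source that records dst's mode on every read, i.e. while
    the copy is still in progress."""
    def __init__(self, data, dst):
        super().__init__(data)
        self.dst = dst
        self.seen = []

    def read(self, *args):
        self.seen.append(stat.S_IMODE(os.stat(self.dst).st_mode))
        return super().read(*args)

def modes_during_copy(copy_fn, umask=0o022):
    """Return (set of modes observed mid-copy, final mode) for copy_fn."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            dst = os.path.join(tmp, "copy.bin")
            src = ProbeReader(b"constructed secret " * 500, dst)
            copy_fn(src, dst)
            return set(src.seen), stat.S_IMODE(os.stat(dst).st_mode)
    finally:
        os.umask(old)

if __name__ == "__main__":
    for fn in (copy_then_chmod, copy_restricted):
        seen, final = modes_during_copy(fn)
        print(fn.__name__, sorted(oct(m) for m in seen), oct(final))
```

Both functions end with the same final mode; only the mode observed during the copy differs, which is the exposure window the description refers to.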
Common Consequences
Scope: Confidentiality, Integrity
Impact: Read Application Data, Modify Application Data
Related Weaknesses
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (Medium)
- CWE-732: Incorrect Permission Assignment for Critical Resource (High)