CWE-708 - Incorrect Ownership Assignment

Abstraction:Base
Structure:Simple
Status:Incomplete

Release Date:2008-09-09
Latest Modification Date:2023-06-29

Weakness Name

Incorrect Ownership Assignment

Description

The product assigns an owner to a resource, but the owner is outside of the intended control sphere.

This may allow the resource to be manipulated by actors outside of the intended control sphere.

Common Consequences

Scope: Confidentiality, Integrity

Impact: Read Application Data, Modify Application Data

Notes: An attacker could read and modify data for which they do not have permissions to access directly.

Related Weaknesses