CWE-281

Improper Preservation of Permissions

Base

What it is

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Impact

Confidentiality, Integrity

Read Application Data, Modify Application Data

Real-world CVE examples

CVE-2002-2323 — Incorrect ACLs used when restoring backups from directories that use symbolic links.
CVE-2001-1515 — Automatic modification of permissions inherited from another file system.
CVE-2005-1920 — Permissions on backup file are created with defaults, possibly less secure than original file.
CVE-2001-0195 — File is made world-readable when being cloned.

Related weaknesses

CWE-732 (childof)

Test & detect

Browse all common weaknesses, check related exploited CVEs, or map to ATT&CK techniques.

Source: MITRE CWE. View on cwe.mitre.org →