A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category occur with improper handling, assignment, or management of privileges. A privilege is a property of an agent, such as a user. It lets the agent do things that are not ordinarily allowed. For example, there are privileges which allow an agent to perform maintenance functions such as restart a computer.
The software contains a clone() method that does not call super.clone() to obtain the new object.
The program uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the j...
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of o...
The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This...
The software does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing t...
The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that...
The software does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
The product mixes trusted and untrusted data in the same data structure or structured message.
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...