CWE-286

Incorrect User Management

Class
Incomplete

Description

The product does not properly manage a user within its environment.

Users can be assigned to the wrong group (class) of permissions resulting in unintended access rights to sensitive objects.

Parent Weaknesses (ChildOf)

Common Consequences

Scope: Other

Impact: Varies by Context

CVE-2022-36109

Containerization product does not record a user's supplementary group ID, allowing bypass of group restrictions.

CVE-1999-1193

Operating system assigns user to privileged wheel group, allowing the user to gain root privileges.

Applicable Platforms

Not Language-Specific
