CWE-708
Incorrect Ownership Assignment
Description
The product assigns an owner to a resource, but the owner is outside of the intended control sphere.
This may allow the resource to be manipulated by actors outside of the intended control sphere.
Parent Weaknesses (ChildOf)
Related Weaknesses
Common Consequences
Scope
Impact
Read Application Data, Modify Application Data
Potential Mitigations
Periodically review the privileges and their owners.
CVE-2024-43199: Product installs binaries with potentially insecure user/group ownership.
CVE-2007-5101: File system sets wrong ownership and group when creating a new file.
CVE-2007-4238: OS installs program with bin owner/group, allowing modification.
CVE-2007-1716: Manager does not properly restore ownership of a reusable resource when a user logs out, allowing privilege escalation.
CVE-2005-3148: Backup software restores symbolic links with incorrect uid/gid.
CVE-2005-1064: Product changes the ownership of files that a symlink points to, instead of the symlink itself.
CVE-2011-1551: Component assigns ownership of sensitive directory tree to a user account, which can be leveraged to perform privileged operations.
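One way to carry out the periodic ownership review named under Potential Mitigations, as an added example that is not part of the CWE entry: a Python audit that walks an installed tree, checks each entry with `lstat` so a symlink is judged by its own owner (the symlink cases among the CVE entries above), and flags links that leave the tree. It assumes a POSIX system; the function name, the allowed uid/gid policy and the sample tree are hypothetical.

```python
import os
import stat
import tempfile

def audit_ownership(root, allowed_uids, allowed_gids):
    """List entries under root whose owner or group is outside the allowed sets."""
    root_real = os.path.realpath(root)
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat reports the link itself, not its target
        is_link = stat.S_ISLNK(st.st_mode)
        bad = [label for label, value, allowed in
               (("owner", st.st_uid, allowed_uids),
                ("group", st.st_gid, allowed_gids))
               if value not in allowed]
        # A link whose target is outside root is where a symlink-following
        # chown would change ownership of something outside the tree.
        target = os.path.realpath(path)
        escapes = is_link and os.path.commonpath([root_real, target]) != root_real
        if bad or escapes:
            findings.append({"path": path, "uid": st.st_uid, "gid": st.st_gid,
                             "symlink": is_link, "escapes_root": escapes,
                             "unexpected": bad})
    return findings

if __name__ == "__main__":
    # Constructed tree: one file plus a symlink that points outside the tree.
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "install")
        outside = os.path.join(base, "outside")
        os.mkdir(root)
        os.mkdir(outside)
        open(os.path.join(root, "tool"), "w").close()
        os.symlink(outside, os.path.join(root, "link"))
        # Assumed policy for the demo: everything should be owned by root:root.
        for finding in audit_ownership(root, {0}, {0}):
            print(finding)
```

When correcting a flagged symlink, change the link itself with `os.lchown` (or `os.chown(..., follow_symlinks=False)`) so the target's ownership is left untouched.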
Applicable Platforms