CWE-265 Categorie Detail

CWE-265

Privilege Issues
Incomplete
2006-07-19 +00:00
2023-06-29 +00:00
CWE Mitre.org
Notifiche per un CWE specifico
Rimani informato su qualsiasi modifica relativa a un CWE specifico.
Gestione notifiche

Nome: Privilege Issues

Weaknesses in this category occur with improper handling, assignment, or management of privileges. A privilege is a property of an agent, such as a user. It lets the agent do things that are not ordinarily allowed. For example, there are privileges which allow an agent to perform maintenance functions such as restart a computer.

CWE Members List

CWE-243: Creation of chroot Jail Without Changing Working Directory Base

CWE-250: Execution with Unnecessary Privileges Base

CWE-266: Incorrect Privilege Assignment Base

CWE-267: Privilege Defined With Unsafe Actions Base

CWE-268: Privilege Chaining Base

CWE-270: Privilege Context Switching Error Base

CWE-272: Least Privilege Violation Base

CWE-273: Improper Check for Dropped Privileges Base

CWE-274: Improper Handling of Insufficient Privileges Base

CWE-280: Improper Handling of Insufficient Permissions or Privileges Base

CWE-501: Trust Boundary Violation Base

CWE-580: clone() Method Without super.clone() Base

CWE-648: Incorrect Use of Privileged APIs Base

CWE Informations

Note sulla mappatura delle vulnerabilità

Giustificazione : This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Commento : See member weaknesses of this category.

Invio

Nome Organizzazione Data Data di rilascio Version
PLOVER 2006-07-19 +00:00 2006-07-19 +00:00 Draft 3

Modifiche

Nome Organizzazione Data Commento
CWE Content Team MITRE 2008-09-08 +00:00 updated Description, Relationships, Relationship_Notes, Taxonomy_Mappings, Theoretical_Notes
CWE Content Team MITRE 2008-10-14 +00:00 updated Description, Research_Gaps, Theoretical_Notes
CWE Content Team MITRE 2009-12-28 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2010-06-21 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2011-03-29 +00:00 updated Relationships
CWE Content Team MITRE 2012-10-30 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2014-07-30 +00:00 updated Detection_Factors
CWE Content Team MITRE 2017-11-08 +00:00 updated Detection_Factors, Potential_Mitigations, Relationships
CWE Content Team MITRE 2020-02-24 +00:00 updated Description, Name, Relationships
CWE Content Team MITRE 2023-04-27 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
Le informazioni presentate su CVE Find provengono da diverse fonti di riferimento attentamente selezionate. I dati CVE sono forniti da MITRE Corporation e dal National Vulnerability Database (NVD). Il catalogo delle vulnerabilità sfruttate conosciute (KEV) proviene dalla Cybersecurity and Infrastructure Security Agency (CISA), mentre i punteggi EPSS provengono da FIRST.org. Inoltre, i dati relativi alle vulnerabilità software (CWE) e ai pattern di attacco comuni (CAPEC) sono mantenuti da MITRE Corporation, e le informazioni sulle configurazioni hardware e software (CPE) sono fornite da NVD.