Statements (31)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:bfsLayer |
6
|
| gptkbp:bfsParent |
gptkb:CWE-23
|
| gptkbp:category |
Access Control Issues
|
| gptkbp:consequences |
Data leakage.
|
| gptkbp:countermeasures |
Regular audits of permission settings.
|
| gptkbp:created_by |
gptkb:MITRE_Corporation
|
| gptkbp:difficulty |
gptkb:High
|
| gptkbp:example |
A user can access admin functionalities without proper authorization.
A web application that allows users to access files they should not have permission to view. |
| gptkbp:first_published |
2021-01-01
|
| gptkbp:has_weakness |
gptkb:CWE-276
gptkb:CWE-284 |
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-28
|
| gptkbp:impact |
Unauthorized access to sensitive data.
|
| gptkbp:is_described_as |
The software does not properly assign permissions to critical resources, allowing unauthorized access.
|
| gptkbp:is_protected_by |
Implement proper access control mechanisms.
|
| gptkbp:is_referenced_in |
https://cwe.mitre.org/data/definitions/28.html
|
| gptkbp:name |
Incorrect Permission Assignment for Critical Resources
|
| gptkbp:related_to |
gptkb:CWE-200
gptkb:CWE-22 gptkb:CWE-276 gptkb:CWE-284 CWE-732 CWE-250 CWE-269 CWE-275 |
| gptkbp:supports |
Web applications.
Desktop applications. Mobile applications. |
| gptkbp:year_created |
2006-01-01
|