CWE-732 (Incorrect Permission Assignment for Critical Resource)
GPTKB entity
Statements (20)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:category |
gptkb:Security_Misconfiguration
|
| gptkbp:cause |
Unauthorized access
Privilege escalation Data leakage |
| gptkbp:describes |
A weakness where critical resources are assigned permissions that are too broad or not sufficiently restrictive.
|
| gptkbp:example |
A database is accessible to all users instead of only administrators.
A file containing sensitive data is world-readable. |
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-732 (Incorrect Permission Assignment for Critical Resource)
|
| gptkbp:maintainedBy |
gptkb:MITRE_Corporation
|
| gptkbp:mitigatedBy |
Apply the principle of least privilege.
Regularly review and audit permissions. |
| gptkbp:name |
Incorrect Permission Assignment for Critical Resource
|
| gptkbp:partOf |
gptkb:CWE_Top_25_Most_Dangerous_Software_Weaknesses
|
| gptkbp:relatedTo |
gptkb:CWE-269_(Improper_Privilege_Management)
CWE-284 (Improper Access Control) |
| gptkbp:url |
https://cwe.mitre.org/data/definitions/732.html
|
| gptkbp:vulnerableTo |
gptkb:CWE-732
|
| gptkbp:bfsParent |
gptkb:Common_Weakness_Enumeration_(CWE)
|
| gptkbp:bfsLayer |
7
|