CWE-732 (Incorrect Permission Assignment for Critical Resource)

GPTKB entity

Statements (20)
Predicate Object
gptkbp:instanceOf gptkb:Common_Weakness_Enumeration
gptkbp:category gptkb:Security_Misconfiguration
gptkbp:cause Unauthorized access; Privilege escalation; Data leakage
gptkbp:describes A weakness where critical resources are assigned permissions that are too broad or not sufficiently restrictive.
gptkbp:example A database is accessible to all users instead of only administrators. A file containing sensitive data is world-readable.
https://www.w3.org/2000/01/rdf-schema#label CWE-732 (Incorrect Permission Assignment for Critical Resource)
gptkbp:maintainedBy gptkb:MITRE_Corporation
gptkbp:mitigatedBy Apply the principle of least privilege. Regularly review and audit permissions.
gptkbp:name Incorrect Permission Assignment for Critical Resource
gptkbp:partOf gptkb:CWE_Top_25_Most_Dangerous_Software_Weaknesses
gptkbp:relatedTo gptkb:CWE-269_(Improper_Privilege_Management); CWE-284 (Improper Access Control)
gptkbp:url https://cwe.mitre.org/data/definitions/732.html
gptkbp:vulnerableTo gptkb:CWE-732
gptkbp:bfsParent gptkb:Common_Weakness_Enumeration_(CWE)
gptkbp:bfsLayer 7