Description
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Potential Impact
Confidentiality, Integrity
Read Application Data, Modify Application Data
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2002-2323 | Incorrect ACLs used when restoring backups from directories that use symbolic links. |
| CVE-2001-1515 | Automatic modification of permissions inherited from another file system. |
| CVE-2005-1920 | Permissions on backup file are created with defaults, possibly less secure than original file. |
| CVE-2001-0195 | File is made world-readable when being cloned. |
Related Weaknesses
Taxonomy Mappings
- PLOVER: Permission preservation failure
Frequently Asked Questions
What is CWE-281?
CWE-281 (Improper Preservation of Permissions) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
How can CWE-281 be exploited?
Attackers can exploit CWE-281 (Improper Preservation of Permissions) to read or modify application data. This weakness is typically introduced during the Implementation or Operation phases of software development.
How do I prevent CWE-281?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
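The following Python example is added here to illustrate the weakness described above and one way to avoid it; it is not part of the CWE entry or of any of the listed CVEs. It assumes a POSIX filesystem (mode bits are meaningful), constructs a 0o600 "secret" file in a temporary directory, and contrasts a copy that silently picks up default permissions (the pattern behind entries such as CVE-2005-1920 and CVE-2001-0195) with a copy that creates the destination with the source's permissions from the first instant. The file contents and names are constructed for the example.

```python
import os
import shutil
import stat
import tempfile


def mode_of(path):
    """Return only the permission bits (for example 0o600) of a file."""
    return stat.S_IMODE(os.stat(path).st_mode)


def mode_is_weaker(original_mode, new_mode):
    """True if new_mode grants any permission bit that original_mode did not.

    Useful as an audit check after a copy, restore or share operation.
    """
    return (new_mode & ~original_mode) != 0


def copy_losing_permissions(src, dst):
    # Weak pattern (CWE-281): copyfile() copies only the bytes. The destination
    # is created as 0o666 masked by the process umask, so a 0o600 source
    # typically becomes a 0o644, world-readable copy.
    shutil.copyfile(src, dst)
    return dst


def copy_preserving_permissions(src, dst):
    # Hardened pattern: open the destination with the source's mode up front,
    # so there is no window in which the copy exists with default permissions.
    # O_EXCL refuses to reuse an existing path (including a symlink that points
    # somewhere else), rather than overwriting whatever is already there.
    src_mode = mode_of(src)
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, src_mode)
    with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
        shutil.copyfileobj(inp, out)
        # The mode passed to os.open() is still masked by umask; fchmod on the
        # open descriptor makes the permissions exactly those of the source.
        os.fchmod(out.fileno(), src_mode)
    return dst


def demonstrate():
    """Copy a constructed 0o600 file both ways; returns (source, leaky, safe) modes."""
    previous_umask = os.umask(0o022)  # a common default, set explicitly for determinism
    try:
        with tempfile.TemporaryDirectory() as workdir:
            src = os.path.join(workdir, "secret.conf")
            with open(src, "w") as f:
                f.write("db_password=constructed-example-value\n")  # constructed content
            os.chmod(src, 0o600)
            leaky = copy_losing_permissions(src, os.path.join(workdir, "secret.conf.bak"))
            safe = copy_preserving_permissions(src, os.path.join(workdir, "secret.conf.copy"))
            return mode_of(src), mode_of(leaky), mode_of(safe)
    finally:
        os.umask(previous_umask)


if __name__ == "__main__":
    original, leaky, safe = demonstrate()
    print(f"source {original:o}; default copy {leaky:o} "
          f"(weaker: {mode_is_weaker(original, leaky)}); "
          f"preserving copy {safe:o} (weaker: {mode_is_weaker(original, safe)})")
```

The same `mode_is_weaker` comparison can be run over a backup or restore tree after the fact to flag objects whose permissions loosened relative to the original, which is a cheaper check than hoping a static analyser recognises every copy routine.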
What is the severity of CWE-281?
CWE-281 is classified as a Base-level weakness (Medium abstraction). It has been observed in 4 real-world CVEs.