CWE-266: Incorrect Privilege Assignment
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
常见后果
影响范围: Access Control
技术影响: Gain Privileges or Assume Identity
说明: A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts.
潜在缓解措施
阶段: Architecture and Design Operation
描述: Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
阶段: Architecture and Design Operation
策略: Environment Hardening
描述: Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
观察示例
参考: CVE-1999-1193
untrusted user placed in unix "wheel" group
参考: CVE-2005-2741
Product allows users to grant themselves certain rights that can be used to escalate privileges.
参考: CVE-2005-2496
Product uses group ID of a user instead of the group, causing it to run with different privileges. This is resultant from some other unknown issue.
参考: CVE-2004-0274
Product mistakenly assigns a particular status to an entity, leading to increased privileges.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | Incorrect Privilege Assignment | - |
| The CERT Oracle Secure Coding Standard for Java (2011) | SEC00-J | Do not allow privileged blocks to leak sensitive information across a trust boundary | - |
| The CERT Oracle Secure Coding Standard for Java (2011) | SEC01-J | Do not allow tainted variables in privileged blocks | - |