CWE-286: Incorrect User Management
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product does not properly manage a user within its environment.
Extended Description
Users can be assigned to the wrong group (class) of permissions, resulting in unintended access rights to sensitive objects.
Common Consequences
Scope: Other
Technical Impact: Varies by Context
Observed Examples
Reference: CVE-2022-36109
Containerization product does not record a user's supplementary group ID, allowing bypass of group restrictions.
Reference: CVE-1999-1193
Operating system assigns user to privileged wheel group, allowing the user to gain root privileges.
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
| Operation | - |
Applicable Platforms
Programming Languages
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| PLOVER | - | User management errors | - |