Category-265: 权限/沙箱问题

admin 2021年12月4日16:23:57CWE(弱点枚举)评论31 views1412字阅读4分42秒阅读模式

Category-265: 权限/沙箱问题

ID: 265
Status: Incomplete


Weaknesses in this category occur with improper enforcement of sandbox environments, or the improper handling, assignment, or management of privileges.


CWE-243 未改变工作目录时创建chroot Jail
CWE-250 带着不必要的权限执行
CWE-266 特权授予不正确
CWE-267 特权定义了不安全动作
CWE-268 特权链锁
CWE-269 特权管理不恰当
CWE-271 特权放弃/降低错误
CWE-274 不充分特权处理不恰当
CWE-501 违背信任边界
CWE-580 未定义super.clone()的clone()方法
CWE-610 资源在另一范围的外部可控制索引
CWE-648 特权API的不正确使用
CWE-766 关键变量被公开声明
CWE-767 通过公开方法可访问到关键的私有数据

Taxonomy Mappings

Mapped Taxonomy Name Node ID Fit Mapped Node Name
PLOVER Privilege / sandbox errors



This can strongly overlap authorization errors.


A sandbox could be regarded as an explicitly defined sphere of control, in that the sandbox only defines a limited set of behaviors, which can only access a limited set of resources.


It could be argued that any privilege problem occurs within the context of a sandbox.

Research Gap

Many of the following concepts require deeper study. Most privilege problems are not classified at such a low level of detail, and terminology is very sparse. Certain classes of software, such as web browsers and software bug trackers, provide a rich set of examples for further research. Operating systems have matured to the point that these kinds of weaknesses are rare, but finer-grained models for privileges, capabilities, or roles might introduce subtler issues.


相关推荐: CWE-1102 依赖于机器相关的数据表示

CWE-1102 依赖于机器相关的数据表示 Reliance on Machine-Dependent Data Representation 结构: Simple Abstraction: Base 状态: Incomplete 被利用可能性: unkown…

特别标注: 本站(CN-SEC.COM)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
  • 我的微信
  • 微信扫一扫
  • weinxin
  • 我的微信公众号
  • 微信扫一扫
  • weinxin
  • 本文由 发表于 2021年12月4日16:23:57
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                  Category-265: 权限/沙箱问题


匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: