CWE-842 将用户置入不正确的用户组

  • A+

CWE-842 将用户置入不正确的用户组

Placement of User into Incorrect Group

结构: Simple

Abstraction: Base

状态: Incomplete

被利用可能性: unkown


The software or the administrator places a user into an incorrect group.


If the incorrect group has more access or privileges than the intended group, the user might be able to bypass intended security policy to access unexpected resources or perform unexpected actions. The access-control system might not be able to detect malicious usage of this group membership.


  • cwe_Nature: ChildOf cwe_CWE_ID: 286 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 286 cwe_View_ID: 699 cwe_Ordinal: Primary


Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}


范围 影响 注释
Access Control Gain Privileges or Assume Identity


标识 说明 链接
CVE-1999-1193 Operating system assigns user to privileged wheel group, allowing the user to gain root privileges.
CVE-2010-3716 Chain: drafted web request allows the creation of users with arbitrary group membership.
CVE-2008-5397 Chain: improper processing of configuration options causes users to contain unintended group memberships.
CVE-2007-6644 CMS does not prevent remote administrators from promoting other users to the administrator group, in violation of the intended security model.
CVE-2007-3260 Product assigns members to the root group, allowing escalation of privileges.
CVE-2002-0080 Chain: daemon does not properly clear groups before dropping privileges.



:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: