目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1310

100%
请我们喝杯咖啡

CWE-250 带着不必要的权限执行 类漏洞列表 245

CWE-250 带着不必要的权限执行 类弱点 245 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-250指程序以高于实际所需的最小权限级别执行操作。这种过度授权不仅可能直接引发权限提升漏洞,还会放大其他安全缺陷的后果。攻击者常利用此弱点,通过触发特定功能获取更高系统控制权,从而执行恶意代码或窃取敏感数据。开发者应遵循最小权限原则,在代码中严格限制进程权限,确保仅授予完成任务所必需的最低特权,从而降低潜在安全风险。

MITRE CWE 官方描述
CWE:CWE-250 Execution with Unnecessary Privileges 英文:The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
常见影响 (1)
Confidentiality, Integrity, Availability, Access ControlGain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Read Application Data, DoS: Crash, Exit, or Restart
An attacker will be able to gain access to any resources that are allowed by the extra privileges. Common results include executing code, disabling services, and reading restricted data. New weaknesses can be exposed because running with extra privileges, such as root or Administrator, can disable t…
缓解措施 (5)
Architecture and Design, OperationRun your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database ad…
Architecture and DesignIdentify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting …
Architecture and DesignIdentify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting …
ImplementationPerform extensive input validation for any privileged code that must be exposed to the user and reject anything that does not fit your strict requirements.
ImplementationWhen dropping privileges, ensure that they have been dropped successfully to avoid CWE-273. As protection mechanisms in the environment get stronger, privilege-dropping calls may fail even if it seems like they would always succeed.
代码示例 (2)
This code temporarily raises the program's privileges to allow creation of a new user folder.
def makeNewUserDir(username): if invalidUsername(username): #avoid CWE-22 and CWE-78 print('Usernames cannot contain invalid characters') return False try: raisePrivileges() os.mkdir('/home/' + username) lowerPrivileges() except OSError: print('Unable to create new user directory for user:' + username) return False return True
Bad · Python
The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file.
chroot(APP_HOME); chdir("/"); FILE* data = fopen(argv[1], "r+"); ...
Bad · C
CVE ID标题CVSS风险等级Published
CVE-2024-35142 IBM Security Verify Access 安全漏洞 — Security Verify Access Docker 8.4 High2024-05-31
CVE-2024-5042 Submariner Operator 安全漏洞 6.6 Medium2024-05-17
CVE-2024-27260 IBM AIX 安全漏洞 — AIX 8.4 High2024-05-16
CVE-2024-27110 General Electric Healthcare Imaging 安全漏洞 — EchoPAC Software Only 8.4 High2024-05-14
CVE-2024-25967 Dell PowerScale OneFS 安全漏洞 — PowerScale OneFS 6.7 Medium2024-05-14
CVE-2024-28005 NEC Aterm 安全漏洞 — WG1800HP4 9.1AICriticalAI2024-03-28
CVE-2024-0073 NVIDIA GPU Display Driver 安全漏洞 — GPU Display driver, vGPU driver, Cloud Gaming driver 7.8 High2024-03-27
CVE-2024-1222 PaperCut NG 安全漏洞 — PaperCut NG, PaperCut MF 8.6 High2024-03-14
CVE-2023-45592 AiLux imx6 安全漏洞 — imx6 bundle 6.8 Medium2024-03-05
CVE-2023-30617 Kruise 安全漏洞 — kruise 6.5 Medium2024-01-03
CVE-2023-33873 AVEVA Operations Control Logger 安全漏洞 — SystemPlatform 7.8 High2023-11-15
CVE-2023-6006 PaperCut NG 安全漏洞 — PaperCut NG, PaperCut MF 7.8 High2023-11-14
CVE-2023-43018 IBM CICS TX 安全漏洞 — CICS TX Standard 5.9 Medium2023-11-02
CVE-2023-27313 NetApp SnapCenter 安全漏洞 — SnapCenter 8.3 High2023-10-12
CVE-2023-27312 NetApp SnapCenter 安全漏洞 — SnapCenter Plugin for VMware vSphere 5.4 Medium2023-10-12
CVE-2023-1943 Kubernetes 安全漏洞 — kops 8.0 High2023-10-11
CVE-2023-5207 GitLab 安全漏洞 — GitLab 8.2 High2023-09-30
CVE-2023-4003 One Identity Password Manager 安全漏洞 — One 7.6 High2023-09-27
CVE-2023-4662 Saphira Connect 安全漏洞 — Saphira Connect 9.8 Critical2023-09-15
CVE-2023-4814 Trellix Data Loss Prevention 安全漏洞 — Data Loss Prevention Endpoint for Windows 7.1 High2023-09-14
CVE-2023-31175 Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator 安全漏洞 — SEL-5037 SEL Grid Configurator 8.8 High2023-08-31
CVE-2023-20217 Cisco ThousandEyes Enterprise Agent 安全漏洞 — Cisco ThousandEyes Recorder Application 5.5 Medium2023-08-16
CVE-2023-32486 Dell PowerScale OneFS 安全漏洞 — PowerScale OneFS 6.7 Medium2023-08-16
CVE-2023-38641 Siemens SICAM TOOLBOX II 安全漏洞 — SICAM TOOLBOX II 7.8 High2023-08-08
CVE-2023-39508 Apache Airflow 安全漏洞 — Apache Airflow 8.8 -2023-08-05
CVE-2023-39261 JetBrains IntelliJ IDEA 安全漏洞 — IntelliJ IDEA 5.2 Medium2023-07-26
CVE-2023-20210 Cisco BroadWorks 安全漏洞 — Cisco BroadWorks 6.0 Medium2023-07-12
CVE-2023-34118 Zoom Rooms 安全漏洞 — Zoom Rooms for Windows 7.3 High2023-07-11
CVE-2023-25521 NVIDIA DGX 安全漏洞 — DGX A100/A800 7.5 High2023-07-03
CVE-2023-2002 Linux kernel 安全漏洞 — Kernel 8.0 -2023-05-26

CWE-250(带着不必要的权限执行) 是常见的弱点类别,本平台收录该类弱点关联的 245 条 CVE 漏洞。