CWE-732 - Incorrect Permission Assignment for Critical Resource

Description

The software is used for allowing or prohibiting unintended users to read or modify security-critical resource. If the permission was given to more actors than it was needed, attackers can modify that resource and obtain potentially sensitive information. The weakness is the most dangerous when the resource is connected with configuration or execution of the programs or sensitive data and allows malicious users to modify and delete critical information from the target resource.
The vulnerabiity is introduced during Architecture and Design, Implementation, Installation, Operation stages.

Latest vulnerabilities for CWE-732

References

Description of CWE-732 on Mitre website