CWE-266Incorrect Privilege Assignment

PUBLISHEDweakness record
released 2006-07-19 · last modified 2025-12-11

Metadata

CWE ID:
CWE-266
摘要:
Base
结构:
Simple
状态:
Draft
发布日期:
2006-07-19
更新日期:
2025-12-11

名称

Incorrect Privilege Assignment

描述

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

常见后果

范围:
Access Control
影响:
Gain Privileges or Assume Identity
注释:
A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts.

相关 CWE