CWE-268 - Privilege Chaining
- 摘要:Base
- 结构:Simple
- 状态:Draft
- 发布日期:2006-07-19
- 更新日期:2023-06-29
名称
Privilege Chaining
描述
Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.
常见后果
范围:Access Control
影响:Gain Privileges or Assume Identity
注释:A user can be given or gain access rights of another user. This can give the user unauthorized access to sensitive information including the access information of another user.