CVEbaza.plSłownik CWECWE-689
Common Weakness Enumeration

CWE-689

Permission Race Condition During Resource Copy

Kategoria: CompoundCVE: 3
Opis

Produkt podczas kopiowania lub klonowania zasobu nie ustawia uprawnień ani kontroli dostępu do zasobu aż do ukończenia kopii, co pozostawia zasób narażony na dostęp z innych źródeł. Narażenie to trwa przez cały czas wykonywania operacji kopiowania.

Description (EN)

The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.

Podatności CVE z CWE-689 (3)
8.8
CVSS
HIGH
CVE-2022-28768

The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root.

pub. 2022-11-17
5.9
CVSS
MEDIUM
CVE-2025-40909

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6

pub. 2025-05-30
5.1
CVSS
MEDIUM
CVE-2025-0087

In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

pub. 2025-09-04
Informacje
ID: CWE-689
Typ: Compound
Podatności: 3
MITRE CWE ↗
← Słownik CWE