BaseDraft

CWE-386Symbolic Name not Mapping to Correct Object

Category: other

Description

A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.

Common consequences· 5

  • Access Control — Gain Privileges or Assume Identity
    The attacker can gain access to otherwise unauthorized resources.
  • Integrity / Confidentiality / Other — Modify Application Data, Modify Files or Directories, Read Application Data, Read Files or Directories, Other
    Race conditions such as this kind may be employed to gain read or write access to resources not normally readable or writable by the user in question.
  • Integrity / Other — Modify Application Data, Other
    The resource in question, or other resources (through the corrupted one) may be changed in undesirable ways by a malicious user.
  • Non-Repudiation — Hide Activities
    If a file or other resource is written in this method, as opposed to a valid way, logging of the activity may not occur.
  • Non-Repudiation / Integrity — Modify Files or Directories
    In some cases it may be possible to delete files that a malicious user might not otherwise have access to -- such as log files.

References

  1. https://cwe.mitre.org/data/definitions/386.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Use of Incorrectly-Resolved Name or Reference
CWE
Insufficient Isolation of Symbolic Constant Definitions
CWE
Insufficient Use of Symbolic Constants
CWE
Use of Same Variable for Multiple Purposes
CWE
Use of Invariant Value in Dynamically Changing Context
CWE
Access of Resource Using Incompatible Type ('Type Confusion')
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.