Compound · Draft

CWE-689: Permission Race Condition During Resource Copy

Category: authz

Description

The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.
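The weakness described above, shown beside a hardened copy routine. This is an added example, not code from MITRE or from this page; the function names are hypothetical and a POSIX system is assumed. The `observe` callback records the destination's permission bits while the copy is still in progress.

```python
import os
import stat
import tempfile

CHUNK = 4096

def copy_then_chmod(src, dst, final_mode, observe):
    # Weak pattern (CWE-689): dst is created with umask-default permissions
    # and keeps them until the copy finishes and chmod finally runs.
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        for chunk in iter(lambda: fin.read(CHUNK), b""):
            fout.write(chunk)
            observe(stat.S_IMODE(os.stat(dst).st_mode))
    os.chmod(dst, final_mode)

def copy_restricted_first(src, dst, final_mode, observe):
    # Hardened: owner-only from creation; O_EXCL and O_NOFOLLOW refuse a
    # pre-existing file or symlink at dst; access is widened only at the end.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(dst, flags, 0o600)
    try:
        with os.fdopen(fd, "wb") as fout, open(src, "rb") as fin:
            os.fchmod(fd, 0o600)  # exact mode, independent of umask
            for chunk in iter(lambda: fin.read(CHUNK), b""):
                fout.write(chunk)
                observe(stat.S_IMODE(os.fstat(fd).st_mode))
            fout.flush()
            os.fchmod(fd, final_mode)  # intended mode, set on the open descriptor
    except BaseException:
        os.unlink(dst)  # do not leave a partial copy behind
        raise

def modes_seen(copy_fn, final_mode=0o640):
    # Returns (modes observed during the copy, mode after the copy).
    old_umask = os.umask(0o022)  # common default, fixed so the run is repeatable
    try:
        with tempfile.TemporaryDirectory() as d:
            src, dst = os.path.join(d, "src"), os.path.join(d, "dst")
            with open(src, "wb") as f:
                f.write(b"constructed sample data\n" * 1000)
            seen = set()
            copy_fn(src, dst, final_mode, seen.add)
            return seen, stat.S_IMODE(os.stat(dst).st_mode)
    finally:
        os.umask(old_umask)

if __name__ == "__main__":
    for fn in (copy_then_chmod, copy_restricted_first):
        seen, final = modes_seen(fn)
        print(fn.__name__, sorted(oct(m) for m in seen), oct(final))
```

Both routines end with the same final mode; only the first leaves the destination readable by other users while data is being written.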

Common consequences · 1

  • Confidentiality / Integrity — Read Application Data, Modify Application Data

Related CAPEC attack patterns · 2

CAPEC-26, CAPEC-27

References

  1. https://cwe.mitre.org/data/definitions/689.html

Exploits (incoming) · 2

| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Leveraging Race Conditions (capec-26) | 100% | live |
| AttackPattern | Leveraging Race Conditions via Symbolic Links (capec-27) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE — Improper Preservation of Permissions
  • CWE — Improper Ownership Management
  • CWE — Missing Lock Check
  • CWE — Improper Resource Locking
  • CWE — Incorrect Execution-Assigned Permissions
  • CWE — Incorrect Permission Assignment for Critical Resource

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.