CWE-278
Insecure Preserved Inherited Permissions
A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement.
CVE-2023-38497 (GCVE-0-2023-38497)
Vulnerability from cvelistv5
Published
2023-08-04 15:51
Modified
2025-02-13 17:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-278 - Insecure Preserved Inherited Permissions
Summary
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:55.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87"
},
{
"name": "https://github.com/rust-lang/cargo/pull/12443",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rust-lang/cargo/pull/12443"
},
{
"name": "https://github.com/rust-lang/cargo/commit/d78bbf4bde3c6b95caca7512f537c6f9721426ff",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rust-lang/cargo/commit/d78bbf4bde3c6b95caca7512f537c6f9721426ff"
},
{
"name": "https://en.wikipedia.org/wiki/Umask",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://en.wikipedia.org/wiki/Umask"
},
{
"name": "https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497"
},
{
"name": "https://www.rust-lang.org/policies/security",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rust-lang.org/policies/security"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGKE6PGM4HIQUHPJRBQAHMELINSGN4H4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMEXGUGPW5OBSQA6URTBNDSU3RAEFOZ4/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rust-lang:cargo:*:*:*:*:*:rust:*:*"
],
"defaultStatus": "unknown",
"product": "cargo",
"vendor": "rust-lang",
"versions": [
{
"lessThan": "0.72.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:02:25.711058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:06:00.736Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cargo",
"vendor": "rust-lang",
"versions": [
{
"status": "affected",
"version": "\u003c 0.72.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cargo downloads the Rust project\u2019s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one\u0027s system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-278",
"description": "CWE-278: Insecure Preserved Inherited Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T18:06:20.542Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87"
},
{
"name": "https://github.com/rust-lang/cargo/pull/12443",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rust-lang/cargo/pull/12443"
},
{
"name": "https://github.com/rust-lang/cargo/commit/d78bbf4bde3c6b95caca7512f537c6f9721426ff",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rust-lang/cargo/commit/d78bbf4bde3c6b95caca7512f537c6f9721426ff"
},
{
"name": "https://en.wikipedia.org/wiki/Umask",
"tags": [
"x_refsource_MISC"
],
"url": "https://en.wikipedia.org/wiki/Umask"
},
{
"name": "https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497"
},
{
"name": "https://www.rust-lang.org/policies/security",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rust-lang.org/policies/security"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGKE6PGM4HIQUHPJRBQAHMELINSGN4H4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMEXGUGPW5OBSQA6URTBNDSU3RAEFOZ4/"
}
],
"source": {
"advisory": "GHSA-j3xp-wfr4-hx87",
"discovery": "UNKNOWN"
},
"title": "Cargo not respecting umask when extracting crate archives"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-38497",
"datePublished": "2023-08-04T15:51:44.878Z",
"dateReserved": "2023-07-18T16:28:12.076Z",
"dateUpdated": "2025-02-13T17:01:51.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38531 (GCVE-0-2024-38531)
Vulnerability from cvelistv5
Published
2024-06-28 13:18
Modified
2024-08-02 04:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-278 - Insecure Preserved Inherited Permissions
Summary
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T15:26:22.607904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T19:37:03.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5"
},
{
"name": "https://github.com/NixOS/nix/pull/10501",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NixOS/nix/pull/10501"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nix",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.23.0, \u003c 2.23.1"
},
{
"status": "affected",
"version": "\u003e= 2.22.0, \u003c 2.22.2"
},
{
"status": "affected",
"version": "\u003e= 2.21.0, \u003c 2.21.3"
},
{
"status": "affected",
"version": "\u003e= 2.20.0, \u003c 2.20.7"
},
{
"status": "affected",
"version": "\u003e= 2.19.0, \u003c 2.19.5"
},
{
"status": "affected",
"version": "\u003e= 2.18.0, \u003c 2.18.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-278",
"description": "CWE-278: Insecure Preserved Inherited Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T13:18:58.604Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5"
},
{
"name": "https://github.com/NixOS/nix/pull/10501",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nix/pull/10501"
}
],
"source": {
"advisory": "GHSA-q82p-44mg-mgh5",
"discovery": "UNKNOWN"
},
"title": "Nix sandbox escape"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-38531",
"datePublished": "2024-06-28T13:18:58.604Z",
"dateReserved": "2024-06-18T16:37:02.729Z",
"dateUpdated": "2024-08-02T04:12:25.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2947 (GCVE-0-2025-2947)
Vulnerability from cvelistv5
Published
2025-04-17 17:10
Modified
2025-04-22 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-278 - Insecure Preserved Inherited Permissions
Summary
IBM i 7.6
contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T03:55:19.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "i",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM i 7.6\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003econtains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. \u0026nbsp;A malicious actor can use the command to elevate privileges to gain root access to the host operating system.\u003c/span\u003e"
}
],
"value": "IBM i 7.6\u00a0\n\ncontains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. \u00a0A malicious actor can use the command to elevate privileges to gain root access to the host operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-278",
"description": "CWE-278 Insecure Preserved Inherited Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T01:52:16.646Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7231025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM i privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-2947",
"datePublished": "2025-04-17T17:10:52.646Z",
"dateReserved": "2025-03-29T13:27:47.251Z",
"dateUpdated": "2025-04-22T03:55:19.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-46
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
No CAPEC attack patterns related to this CWE.