A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
View on MITREA user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts.
No mitigation information available for this CWE.
No detection method information available for this CWE.
This code intends to allow only Administrators to print debug information about a system.
While the intention was to only allow Administrators to print the debug information, the code as written only excludes those with the role of "GUEST". Someone with the role of "ADMIN" or "USER" will be allowed access, which goes against the original intent. An attacker may be able to use this debug information to craft an attack on the system.
Gain privileges using functions/tags that should be restricted (Accessible entities).
View DetailsTraceroute program allows unprivileged users to modify source address of packet (Accessible entities).
View DetailsBypass domain restrictions using a particular file that references unsafe URI schemes (Accessible entities).
View DetailsScript does not restrict access to an update command, leading to resultant disk consumption and filled error logs (Accessible entities).
View Details"public" database user can use stored procedure to modify data controlled by the database owner (Unsafe privileged actions).
View DetailsUser with capability can prevent setuid program from dropping privileges (Unsafe privileged actions).
View DetailsAllows attachment to and modification of privileged processes (Unsafe privileged actions).
View DetailsUser with privilege can edit raw underlying object using unprotected method (Unsafe privileged actions).
View DetailsInappropriate actions allowed by a particular role(Unsafe privileged actions).
View DetailsUntrusted entity allowed to access the system clipboard (Unsafe privileged actions).
View DetailsExtra Linux capability allows bypass of system-specified restriction (Unsafe privileged actions).
View DetailsUser with debugging rights can read entire process (Unsafe privileged actions).
View DetailsNon-root admins can add themselves or others to the root admin group (Unsafe privileged actions).
View DetailsUsers can change certain properties of objects to perform otherwise unauthorized actions (Unsafe privileged actions).
View DetailsCertain debugging commands not restricted to just the administrator, allowing registry modification and infoleak (Unsafe privileged actions).
View DetailsNo relationship information available for this CWE.
CWE-267: Privilege Defined With Unsafe Actions is a Common Weakness Enumeration (CWE) entry maintained by MITRE. A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
If exploited, CWE-267 (Privilege Defined With Unsafe Actions) it can compromise Access Control, leading to outcomes such as Gain Privileges or Assume Identity.
CWE-267 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-267, including CVE-2002-1981, CVE-2002-1671, CVE-2004-2204, CVE-2000-0315 and CVE-2004-0380. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-267 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.