DerScanner
Home / Vulnerability Database / Go : File permission manipulation
Go

Go : File permission manipulation

Classification

OWASP Top 10 2013
A7-Missing Function Level Access Control
OWASP Top 10 2017
A5-Broken Access Control
OWASP Top 10 2021
A1-Broken Access ControlA4-Insecure Design
OWASP ASVS
Access ControlAccess ControlAccess ControlAccess Control
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (a)(1)
CWE
CWE-434CWE-642CWE-732
CWE/SANS Top 25 2011
CWE-434CWE-732
CWE/SANS Top 25 2021
CWE-434CWE-732

Overview

The application changes the file access permissions. The extra permissions (e.g., the right to execute) for an unlimited number of users can facilitate the organization of the attack.

Unix-like systems use the commands MkdirAll, OpenFile, Chmod for rights management. Here, the “file” is understood in a broad sense - file, directory, socket, symbolic link, etc. For each file there are three groups of users: the file owner (user), the group to which the file owner belongs (group) and the rest (other). Each group can have the following access rights: read, write, and execute (abbreviated as r, w, and x, respectively).

References

  1. OWASP Top 10 2017-A5-Broken Access Control
  2. CWE-732
LOW

DerScanner Severity Score

Do you want to fix Go : File permission manipulation in your application?

See also

Go

Go : Undocumented feature: special account

Go

Go : Nil salt

Go

Go : Logging into system output