CWE-708
Incorrect Ownership Assignment
Description
The product assigns an owner to a resource, but the owner is outside of the intended control sphere.
This may allow the resource to be manipulated by actors outside of the intended control sphere.
Consequences
Confidentiality, Integrity
—
Read Application Data, Modify Application Data
An attacker could read and modify data for which they do not have permissions to access directly.
Mitigations
Phase: Policy
Periodically review the privileges and their owners.
Detection
Automated Analysis
Use automated tools to check for privilege settings.