CWE-1345: OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
ID
CWE-1345
Status
Incomplete
Weaknesses in this category are related to the A01 category "Broken Access Control" in the OWASP Top Ten 2021.
Relationships
| View | Weakness | ||||||
|---|---|---|---|---|---|---|---|
| # ID | Name | # ID | Name | Abstraction | Structure | Status | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Base | Simple | Stable | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-23 | Relative Path Traversal | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-35 | Path Traversal: '.../...//' | Variant | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-201 | Insertion of Sensitive Information Into Sent Data | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-219 | Storage of File with Sensitive Data Under Web Root | Variant | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-264 | Permissions, Privileges, and Access Controls | Obsolete | |||
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-275 | Permission Issues | Draft | |||
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-276 | Incorrect Default Permissions | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-284 | Improper Access Control | Pillar | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-285 | Improper Authorization | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-352 | Cross-Site Request Forgery (CSRF) | Compound | Composite | Stable | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-359 | Exposure of Private Personal Information to an Unauthorized Actor | Base | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-377 | Insecure Temporary File | Class | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-402 | Transmission of Private Resources into a New Sphere ('Resource Leak') | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-425 | Direct Request ('Forced Browsing') | Base | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-497 | Exposure of Sensitive System Information to an Unauthorized Control Sphere | Base | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-538 | Insertion of Sensitive Information into Externally-Accessible File or Directory | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-540 | Inclusion of Sensitive Information in Source Code | Base | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-548 | Exposure of Information Through Directory Listing | Variant | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-552 | Files or Directories Accessible to External Parties | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-566 | Authorization Bypass Through User-Controlled SQL Primary Key | Variant | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-639 | Authorization Bypass Through User-Controlled Key | Base | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-651 | Exposure of WSDL File Containing Sensitive Information | Variant | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-668 | Exposure of Resource to Wrong Sphere | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-706 | Use of Incorrectly-Resolved Name or Reference | Class | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-862 | Missing Authorization | Class | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-863 | Incorrect Authorization | Class | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-913 | Improper Control of Dynamically-Managed Code Resources | Class | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-922 | Insecure Storage of Sensitive Information | Class | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-1275 | Sensitive Cookie with Improper SameSite Attribute | Variant | Simple | Incomplete | |
Loading...