Variant weakness
Draft
CWE-560: Use of umask() with chmod-style Argument
The product calls umask() with an incorrect argument that is specified as if it is an argument to chmod().
Last updated
0
Recorded CVEs
With this primary weakness
0
KEVs
In the CISA KEV catalog
Not rated
Likelihood of exploit
Per MITRE
Variant
Abstraction
MITRE classification
Overview
CWE-560 (Use of umask() with chmod-style Argument) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Common consequences
What can happen when CWE-560 is exploited.
Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism
Affects: Confidentiality, Integrity, Access Control
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Implementation
Applies to
Languages
C
How to prevent it
Practical mitigations for CWE-560, grouped by where in the lifecycle they apply.
Implementation
Use umask() with the correct argument.