CWE-708: Incorrect Ownership Assignment
low-riskThe product assigns an owner to a resource, but the owner is outside of the intended control sphere.
Abstraction: Base
Common Consequences
Confidentiality
→
Read Application Data
Detection Methods
Automated Analysis
Use automated tools to check for privilege settings.
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2021-32726 | 7.1 | 0.5% | — |
| CVE-2022-33737 | 7.5 | 0.3% | — |
| CVE-2021-32689 | 8.1 | 0.3% | — |
| CVE-2024-45426 | 4.9 | 0.2% | — |
| CVE-2024-52561 | 7.8 | 0.2% | — |
| CVE-2023-41881 | 3.7 | 0.1% | — |
| CVE-2024-45417 | 6.0 | 0.1% | — |
| CVE-2024-41773 | 6.5 | 0.1% | — |
| CVE-2023-29122 | 6.7 | 0.1% | — |
| CVE-2023-20043 | 6.7 | 0.1% | — |
0
/ 100
low-risk
Active Threat
0/50 · Minimal
Exploit Availability
0/50 · Minimal