CWE-378
Creation of Temporary File With Insecure Permissions
Description
Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Read Application Data
Scope
Impact
Other
Scope
Impact
Other
Potential Mitigations
Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.
Ensure that you use proper file permissions. This can be achieved by using a safe temp file function. Temporary files should be writable and readable only by the process that owns the file.
Randomize temporary file names. This can also be achieved by using a safe temp-file function. This will ensure that temporary files will not be created in predictable places.
CVE-2022-24823A network application framework uses the Java function createTempFile(), which will create a file that is readable by other local users of the system
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now