CWE-379
Creation of Temporary File in Directory with Insecure Permissions
Description
The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.
On some operating systems, the fact that the temporary file exists may be apparent to any user with sufficient privileges to access that directory. Since the file is visible, the application that is using the temporary file could be known. If one has access to list the processes on the system, the attacker has gained information about what the user is doing at that time. By correlating this with the applications the user is running, an attacker could potentially discover what a user's actions are. From this, higher levels of security could be breached.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Read Application Data
Potential Mitigations
Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.
Try to store sensitive tempfiles in a directory which is not world readable -- i.e., per-user directories.
Avoid using vulnerable temp file functions.
CVE-2022-27818A hotkey daemon written in Rust creates a domain socket file underneath /tmp, which is accessible by any user.
CVE-2021-41989analytic platform's repair functionality uses the %TEMP% folder of a user while running with higher privileges
CVE-2021-21290A Java-based application for a rapid-development framework uses File.createTempFile() to create a random temporary file with insecure default permissions.
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now