logo

CWE-378 - Creation of Temporary File With Insecure Permissions

CWE-378 High

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Creation of Temporary File With Insecure Permissions

Description

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

Common Consequences

Scope: Confidentiality

Impact: Read Application Data

Notes: If the temporary file can be read by the attacker, sensitive information may be in that file which could be revealed.

Scope: Authorization, Other

Impact: Other

Notes: If that file can be written to by the attacker, the file might be moved into a place to which the attacker does not have access. This will allow the attacker to gain selective resource access-control privileges.

Scope: Integrity, Other

Impact: Other

Notes: Depending on the data stored in the temporary file, there is the potential for an attacker to gain an additional input vector which is trusted as non-malicious. It may be possible to make arbitrary changes to data structures, user information, or even process ownership.

Related Weaknesses
  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2023-10-26

Free security scan for your website