CWE-378 - Creation of Temporary File With Insecure Permissions
- Abstraction: Base
- Structure: Simple
- Status: Draft
- Release Date: 2006-07-19
- Latest Modification Date: 2023-10-26
Weakness Name
Creation of Temporary File With Insecure Permissions
Description
Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.
Common Consequences
Scope: Confidentiality
Impact: Read Application Data
Notes: If the temporary file can be read by the attacker, sensitive information may be in that file which could be revealed.
Scope: Authorization, Other
Impact: Other
Notes: If that file can be written to by the attacker, the file might be moved into a place to which the attacker does not have access. This will allow the attacker to gain selective resource access-control privileges.
Scope: Integrity, Other
Impact: Other
Notes: Depending on the data stored in the temporary file, there is the potential for an attacker to gain an additional input vector which is trusted as non-malicious. It may be possible to make arbitrary changes to data structures, user information, or even process ownership.
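The confidentiality consequence above can be seen by comparing permission bits. The following is an added example, not part of the CWE entry: it creates one temporary file the weak way and one with `tempfile.mkstemp`, then reports which is accessible to group or other. It assumes a POSIX system; the file names, the sample content and the 022 umask are constructed for illustration.

```python
import os
import stat
import tempfile

def mode_of(path):
    """Return the permission bits (e.g. 0o644) of path."""
    return stat.S_IMODE(os.stat(path).st_mode)

def exposed_to_others(mode):
    """True if group or other has any read or write access."""
    return bool(mode & (stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH))

def create_weak(directory, name="report.tmp"):
    """Weak pattern: predictable name, permissions left to the umask."""
    old = os.umask(0o022)  # constructed: pin a common default umask for the demo
    try:
        path = os.path.join(directory, name)
        with open(path, "w") as fh:  # created as 0666 & ~umask
            fh.write("secret=constructed-sample\n")
    finally:
        os.umask(old)
    return path

def create_hardened(directory):
    """Hardened pattern: mkstemp opens with O_EXCL, a random name and mode 0600."""
    fd, path = tempfile.mkstemp(prefix="report-", suffix=".tmp", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write("secret=constructed-sample\n")
    return path

def demo():
    """Create both files in a private scratch directory and return their modes."""
    with tempfile.TemporaryDirectory() as scratch:
        weak = mode_of(create_weak(scratch))
        hard = mode_of(create_hardened(scratch))
    return weak, hard

if __name__ == "__main__":
    weak, hard = demo()
    print(f"weak:     {oct(weak)} exposed={exposed_to_others(weak)}")
    print(f"hardened: {oct(hard)} exposed={exposed_to_others(hard)}")
```

The same `mode_of` and `exposed_to_others` checks can be pointed at temporary files an existing application leaves behind to audit them for this weakness.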