CWE-378 - Creation of Temporary File With Insecure Permissions

Description: Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

Common Consequences: Scope: Confidentiality
Impact: Read Application Data
Notes: If the temporary file can be read by the attacker, sensitive information may be in that file which could be revealed.
Scope: Authorization, Other
Impact: Other
Notes: If that file can be written to by the attacker, the file might be moved into a place to which the attacker does not have access. This will allow the attacker to gain selective resource access-control privileges.
Scope: Integrity, Other
Impact: Other
Notes: Depending on the data stored in the temporary file, there is the potential for an attacker to gain an additional input vector which is trusted as non-malicious. It may be possible to make arbitrary changes to data structures, user information, or even process ownership.

Free security scan for your website

Don't show website scan report rating on the leaderboard

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.