Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-378 (创建拥有不安全权限的临时文件) — Vulnerability Class 34

34 vulnerabilities classified as CWE-378 (创建拥有不安全权限的临时文件). AI Chinese analysis included.

CWE-378 represents a critical security flaw where applications create temporary files with overly permissive access controls, leaving them vulnerable to unauthorized modification or reading. Attackers typically exploit this weakness by predicting the temporary file’s location and name, then creating a malicious file with the same path before the legitimate application does. This allows the attacker to inject harmful content or intercept sensitive data, potentially leading to privilege escalation or data leakage. To mitigate this risk, developers must enforce strict file permissions, such as setting read-write access for the owner only, immediately after file creation. Additionally, utilizing secure system calls that atomically create and secure files, or employing unique, unpredictable filenames, ensures that temporary files remain isolated and protected from pre-emption attacks, thereby maintaining data integrity and confidentiality throughout the application’s lifecycle.

MITRE CWE Description
Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.
Common Consequences (3)
ConfidentialityRead Application Data
If the temporary file can be read by the attacker, sensitive information may be in that file which could be revealed.
Authorization, OtherOther
If that file can be written to by the attacker, the file might be moved into a place to which the attacker does not have access. This will allow the attacker to gain selective resource access-control privileges.
Integrity, OtherOther
Depending on the data stored in the temporary file, there is the potential for an attacker to gain an additional input vector which is trusted as non-malicious. It may be possible to make arbitrary changes to data structures, user information, or even process ownership.
Mitigations (3)
RequirementsMany contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.
ImplementationEnsure that you use proper file permissions. This can be achieved by using a safe temp file function. Temporary files should be writable and readable only by the process that owns the file.
ImplementationRandomize temporary file names. This can also be achieved by using a safe temp-file function. This will ensure that temporary files will not be created in predictable places.
Examples (1)
In the following code examples a temporary file is created and written to. After using the temporary file, the file is closed and deleted from the file system.
FILE *stream; if( (stream = tmpfile()) == NULL ) { perror("Could not open new temporary file\n"); return (-1); } // write data to tmp file ... // remove tmp file rmtmp();
Bad · C
try { File temp = File.createTempFile("pattern", ".suffix"); temp.deleteOnExit(); BufferedWriter out = new BufferedWriter(new FileWriter(temp)); out.write("aString"); out.close(); } catch (IOException e) { }
Bad · Java
CVE IDTitleCVSSSeverityPublished
CVE-2021-21290 Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files — netty 6.2 Medium2021-02-08
CVE-2020-8908 Temp directory permission issue in Guava — Guava 3.3 Low2020-12-10
CVE-2020-27216 Eclipse Jetty 安全漏洞 — Eclipse Jetty 5.8 -2020-10-23
CVE-2016-9485 On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because it fails to set any permissions on downloaded file objects — Windows SecureConnector agent 7.8 -2018-07-13

Vulnerabilities classified as CWE-378 (创建拥有不安全权限的临时文件) represent 34 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.