Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-379 (在具有不安全权限的目录中创建临时文件) — Vulnerability Class 43

43 vulnerabilities classified as CWE-379 (在具有不安全权限的目录中创建临时文件). AI Chinese analysis included.

CWE-379 represents a critical input validation weakness where applications create temporary files in directories with overly permissive access controls. This flaw allows unintended actors to detect the file’s existence or manipulate its contents, potentially revealing sensitive application logic or user data. Attackers typically exploit this by monitoring the directory for new files, then employing race conditions or symbolic link attacks to redirect the application’s write operations to malicious targets. To mitigate this risk, developers must enforce strict file permissions, ensuring that only the creating process can access the temporary file. Utilizing secure system calls that automatically set restrictive permissions upon creation, such as O_CREAT with mode 0600, is essential. Additionally, storing temporary files in isolated, private directories further reduces the attack surface and prevents unauthorized visibility or interference.

MITRE CWE Description
The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file. On some operating systems, the fact that the temporary file exists may be apparent to any user with sufficient privileges to access that directory. Since the file is visible, the application that is using the temporary file could be known. If one has access to list the processes on the system, the attacker has gained information about what the user is doing at that time. By correlating this with the applications the user is running, an attacker could potentially discover what a user's actions are. From this, higher levels of security could be breached.
Common Consequences (1)
ConfidentialityRead Application Data
Since the file is visible and the application which is using the temp file could be known, the attacker has gained information about what the user is doing at that time.
Mitigations (3)
RequirementsMany contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.
ImplementationTry to store sensitive tempfiles in a directory which is not world readable -- i.e., per-user directories.
ImplementationAvoid using vulnerable temp file functions.
Examples (1)
In the following code examples a temporary file is created and written to. After using the temporary file, the file is closed and deleted from the file system.
FILE *stream; if( (stream = tmpfile()) == NULL ) { perror("Could not open new temporary file\n"); return (-1); } // write data to tmp file ... // remove tmp file rmtmp();
Bad · C
try { File temp = File.createTempFile("pattern", ".suffix"); temp.deleteOnExit(); BufferedWriter out = new BufferedWriter(new FileWriter(temp)); out.write("aString"); out.close(); } catch (IOException e) { }
Bad · Java
CVE IDTitleCVSSSeverityPublished
CVE-2021-36002 Adobe Captivate Installer Creation of Temporary File In Directory With Incorrect Permissions Could Lead To Privilege Escalation — Captivate 5.0 Medium2021-09-01
CVE-2021-28633 Adobe Creative Cloud Installer Arbitrary File Write — Creative Cloud (desktop component) 6.1 Medium2021-08-24
CVE-2021-28623 Adobe Premiere Elements Privilege Escalation Vulnerability — Premiere 6.2 -2021-06-28
CVE-2021-28597 Adobe Photoshop Elements Privilege Escalation Vulnerability - symbolic link — Photoshop Elements 6.2 -2021-06-28
CVE-2021-31411 Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19 — Vaadin 6.3 Medium2021-05-05
CVE-2021-21100 Adobe Digital Editions Arbitrary file system write vulnerability — Digital Editions 7.8 High2021-04-15
CVE-2021-29428 Local privilege escalation through system temporary directory — gradle 8.8 High2021-04-13
CVE-2021-21068 Adobe Creative Cloud installer arbitrary file overwrite vulnerability — Creative Cloud (desktop component) 6.6 -2021-03-12
CVE-2021-21363 Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory — swagger-codegen 5.3 Medium2021-03-11
CVE-2021-21331 DataDog API Client contains a Local Information Disclosure Vulnerability — datadog-api-client-java 3.0 Low2021-03-03
CVE-2020-8831 World writable root owned lock file created in user controllable location — Apport 6.5 Medium2020-04-22
CVE-2016-9486 On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because files are created in a folder with incorrect privileges — Windows SecureConnector agent 7.8 -2018-07-13
CVE-2013-1815 Packstack: red hat openstack: packstack: unauthorized system modification via insecure answer file creation — Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) 6.1 Medium2013-04-10

Vulnerabilities classified as CWE-379 (在具有不安全权限的目录中创建临时文件) represent 43 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.