CWE-379: Creation of Temporary File in Directory with Insecure Permissions

BaseIncompleteExploit Likelihood: Low

The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.

View on MITRE

Back to CWE Lookup

Extended Description

On some operating systems, the fact that the temporary file exists may be apparent to any user with sufficient privileges to access that directory. Since the file is visible, the application that is using the temporary file could be known. If one has access to list the processes on the system, the attacker has gained information about what the user is doing at that time. By correlating this with the applications the user is running, an attacker could potentially discover what a user's actions are. From this, higher levels of security could be breached.

Technical Details

Structure: Simple

Applicable To

Languages

Not Language-Specific

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-379

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references