CWE-379: Creation of Temporary File in Directory with Insecure Permissions
The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.
Extended Description
On some operating systems, the fact that the temporary file exists may be apparent to any user with sufficient privileges to access that directory. Since the file is visible, the application that is using the temporary file could be known. If one has access to list the processes on the system, the attacker has gained information about what the user is doing at that time. By correlating this with the applications the user is running, an attacker could potentially discover what a user's actions are. From this, higher levels of security could be breached.
Technical Details
Structure: Simple
Applicable To: Not Language-Specific
Security Consequences
Scope: Confidentiality
Impact: Read Application Data
Note: Since the file is visible and the application which is using the temp file could be known, the attacker has gained information about what the user is doing at that time.
Mitigation Strategies
- Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.
- Try to store sensitive tempfiles in a directory which is not world readable, i.e., per-user directories.
- Avoid using vulnerable temp file functions.
Detection Methods
No detection method information available for this CWE.
Code Examples & CVEs
Demonstrative Examples
In MITRE's demonstrative examples a temporary file is created and written to. After using the temporary file, the file is closed and deleted from the file system.
However, within the C/C++ code the function tmpfile() is used to create and open the temp file. tmpfile() works the same way as fopen() would with read/write permission, allowing attackers to read potentially sensitive information contained in the temp file or modify the contents of the file.
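The following C program is an added example written for this page; it is not MITRE's demonstrative code. It puts the mitigations listed above into practice: instead of tmpfile(), which leaves the choice of directory to the library, it creates the scratch file with mkstemp() inside a per-user directory that is not world readable, and before trusting that directory it checks that the path is a real directory (not a planted symlink), is owned by the calling user and carries no group/other permission bits. The directory name (cwe379-example-<uid> under $TMPDIR or /tmp), the function names and the sample data are assumptions of this example.

```c
/* Added example for CWE-379, not MITRE's code. Assumes a POSIX system. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Path of a per-user scratch directory under $TMPDIR (or /tmp). The uid in
   the name keeps different users from contending for the same path. */
const char *demo_dir(void) {
    static char buf[4096];
    const char *base = getenv("TMPDIR");
    if (base == NULL || *base == '\0') base = "/tmp";
    snprintf(buf, sizeof buf, "%s/cwe379-example-%lu", base, (unsigned long)getuid());
    return buf;
}

/* Create the directory with mode 0700 if it is missing, then verify that what
   sits at that path is a real directory, owned by us, with no group/other
   access. Returns 0 when the directory is safe to use, -1 otherwise. */
int ensure_private_dir(const char *dir) {
    struct stat st;
    if (mkdir(dir, 0700) != 0 && errno != EEXIST) return -1;
    if (lstat(dir, &st) != 0) return -1;            /* lstat: never follow a planted symlink */
    if (!S_ISDIR(st.st_mode)) return -1;            /* symlink or regular file at this path */
    if (st.st_uid != getuid()) return -1;           /* someone else owns it */
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return -1; /* readable by group or others */
    return 0;
}

/* Create an empty temp file inside the private directory. On success returns
   an open descriptor and writes the file's path to path_out; else returns -1. */
int create_private_tempfile(const char *dir, char *path_out, size_t path_len) {
    if (ensure_private_dir(dir) != 0) return -1;
    int n = snprintf(path_out, path_len, "%s/scratch-XXXXXX", dir);
    if (n < 0 || (size_t)n >= path_len) return -1;
    mode_t old_mask = umask(077);    /* the process umask caps the file's mode bits */
    int fd = mkstemp(path_out);      /* O_CREAT|O_EXCL: never reuses a pre-placed file */
    umask(old_mask);
    return fd;
}

/* Permission bits (st_mode & 0777) of an open descriptor, or -1 on error. */
int fd_mode_bits(int fd) {
    struct stat st;
    if (fstat(fd, &st) != 0) return -1;
    return (int)(st.st_mode & 0777);
}

/* Round trip: create the file, write constructed sample data, read back the
   mode, then delete the file and the directory. Returns the mode bits or -1. */
int demo_private_tempfile_mode(const char *dir) {
    char path[4096];
    int fd = create_private_tempfile(dir, path, sizeof path);
    if (fd < 0) return -1;
    static const char sample[] = "constructed sample data, not real secrets";
    int mode = -1;
    if (write(fd, sample, sizeof sample - 1) == (ssize_t)(sizeof sample - 1))
        mode = fd_mode_bits(fd);
    close(fd);
    unlink(path);
    rmdir(dir);                      /* succeeds only if we left the directory empty */
    return mode;
}

/* Plant a symlink next to the private directory that points at it and check
   that ensure_private_dir() refuses the symlink path even though the target
   is a valid private directory. Returns 1 if rejected, 0 if accepted, -1 on error. */
int demo_symlink_is_rejected(void) {
    char link_path[4096];
    const char *dir = demo_dir();
    snprintf(link_path, sizeof link_path, "%s-link", dir);
    if (ensure_private_dir(dir) != 0) return -1;
    unlink(link_path);
    if (symlink(dir, link_path) != 0) { rmdir(dir); return -1; }
    int rejected = (ensure_private_dir(link_path) != 0);
    unlink(link_path);
    rmdir(dir);
    return rejected;
}

int main(void) {
    int mode = demo_private_tempfile_mode(demo_dir());
    if (mode < 0) { perror("private temp file"); return 1; }
    printf("temp file created with mode %04o inside %s\n", mode, demo_dir());
    printf("world-readable directory / rejected: %s\n", ensure_private_dir("/") ? "yes" : "no");
    printf("symlink in place of the directory rejected: %s\n", demo_symlink_is_rejected() == 1 ? "yes" : "no");
    return 0;
}
```

The check order matters: the directory is created with mode 0700 first, and only then inspected with lstat(), so a symlink or a foreign-owned directory that already occupied the path is refused rather than used. mkstemp() itself opens with O_EXCL, so a file that something else placed at the generated name causes a failure instead of a silent reuse.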
Observed CVE Examples (2)
CVE-2022-27818: A hotkey daemon written in Rust creates a domain socket file underneath /tmp, which is accessible by any user.
CVE-2021-21290: A Java-based application for a rapid-development framework uses File.createTempFile() to create a random temporary file with insecure default permissions.
CWE Relationships
Frequently Asked Questions
What is CWE-379: Creation of Temporary File in Directory with Insecure Permissions?
CWE-379: Creation of Temporary File in Directory with Insecure Permissions is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file. On some operating systems, the fact that the temporary file exists may be apparent to any user with sufficient privileges to access that directory. Since the file is visible, the application that is using the temporary file could be known. If one has access to list the processes on the system, the attacker has gained information about what the user is doing at that time. By correlating this with the applications the user is running, an attacker could potentially discover what a user's actions are. From this, higher levels of security could be breached.
What are the security consequences of Creation of Temporary File in Directory with Insecure Permissions?
If exploited, CWE-379 (Creation of Temporary File in Directory with Insecure Permissions) can compromise Confidentiality, leading to outcomes such as Read Application Data.
How do you prevent or mitigate Creation of Temporary File in Directory with Insecure Permissions?
Recommended mitigations for CWE-379 include: Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible. Try to store sensitive tempfiles in a directory which is not world readable -- i.e., per-user directories. Avoid using vulnerable temp file functions.
Which programming languages are affected by Creation of Temporary File in Directory with Insecure Permissions?
CWE-379 is classified as Not Language-Specific. Weaknesses of this kind are language-agnostic patterns, so secure coding practices apply broadly.
What are real-world examples of Creation of Temporary File in Directory with Insecure Permissions?
MITRE documents real CVEs mapped to CWE-379, including CVE-2022-27818 and CVE-2021-21290. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
What is the difference between a CWE and a CVE?
A CWE (Common Weakness Enumeration) like CWE-379 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.