Description
The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.
On some operating systems, the fact that the temporary file exists may be apparent to any user with sufficient privileges to access that directory. Since the file is visible, the application that is using the temporary file could be known. If one has access to list the processes on the system, the attacker has gained information about what the user is doing at that time. By correlating this with the applications the user is running, an attacker could potentially discover what a user's actions are. From this, higher levels of security could be breached.
Potential Impact
Confidentiality
Read Application Data
Demonstrative Examples
FILE *stream;if( (stream = tmpfile()) == NULL ) {
perror("Could not open new temporary file\n");return (-1);
}
// write data to tmp file
...// remove tmp filermtmp();try {File temp = File.createTempFile("pattern", ".suffix");temp.deleteOnExit();BufferedWriter out = new BufferedWriter(new FileWriter(temp));out.write("aString");out.close();}catch (IOException e) {}Mitigations & Prevention
Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.
Try to store sensitive tempfiles in a directory which is not world readable -- i.e., per-user directories.
Avoid using vulnerable temp file functions.
Detection Methods
- Automated Static Analysis High — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2022-27818 | A hotkey daemon written in Rust creates a domain socket file underneath /tmp, which is accessible by any user. |
| CVE-2021-41989 | analytic platform's repair functionality uses the %TEMP% folder of a user while running with higher privileges |
| CVE-2021-21290 | A Java-based application for a rapid-development framework uses File.createTempFile() to create a random temporary file with insecure default permissions. |
Related Weaknesses
Taxonomy Mappings
- CLASP: — Guessed or visible temporary file
- CERT C Secure Coding: FIO15-C — Ensure that file operations are performed in a secure directory
Frequently Asked Questions
What is CWE-379?
CWE-379 (Creation of Temporary File in Directory with Insecure Permissions) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.
How can CWE-379 be exploited?
Attackers can exploit CWE-379 (Creation of Temporary File in Directory with Insecure Permissions) to read application data. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-379?
Key mitigations include: Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.
What is the severity of CWE-379?
CWE-379 is classified as a Base-level weakness (Medium abstraction). It has been observed in 3 real-world CVEs.