VYPR

CWE-377

Insecure Temporary File

Abstraction: Class · Status: Incomplete

Description

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-149 · CAPEC-155

CVEs mapped to this weakness (63)

page 1 of 4
  • CVE-2015-5224 · Critical · Aug 23, 2017
    risk 0.57 · cvss 9.8 · epss 0.05

    The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.

  • CVE-2018-3710 · High · Mar 21, 2018
    risk 0.51 · cvss 7.8 · epss 0.03

    Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component, resulting in remote code execution.

  • CVE-2025-67223 · High · Apr 28, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and…

  • CVE-2026-20649 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3. A user may be able to view sensitive user information.

  • CVE-2024-49506 · High · Nov 13, 2024
    risk 0.47 · cvss n/a · epss 0.00

    Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem.

  • CVE-2026-40973 · High · Apr 28, 2026
    risk 0.46 · cvss 7.0 · epss 0.00

    A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is set to `true` and the attack persists across application restarts, this may allow the attacker to read session…

  • CVE-2026-20204 · High · Apr 15, 2026
    risk 0.46 · cvss 7.1 · epss 0.03

    In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles…

  • CVE-2026-4822 · High · Mar 25, 2026
    risk 0.46 · cvss 7.0 · epss 0.00

    A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions.…

  • CVE-2026-25701 · High · Feb 25, 2026
    risk 0.46 · cvss n/a · epss 0.00

    An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: * gain access to possible private information found in /var/lib/pcrlock.d * manipulate the data backed up in /tmp/pcrlock.d.bak,…

  • CVE-2018-1053 · High · Feb 9, 2018
    risk 0.46 · cvss 7.0 · epss 0.00

    In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates a file in the current working directory containing the output of `pg_dumpall -g` under the umask which was in effect when the user invoked pg_upgrade,…

  • CVE-2025-61659 · Medium · Sep 29, 2025
    risk 0.44 · cvss 6.8 · epss 0.00

    bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name.

  • CVE-2024-6654 · Medium · Sep 27, 2024
    risk 0.44 · cvss n/a · epss 0.00

    Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down.

  • CVE-2017-16024 · Medium · Jun 4, 2018
    risk 0.42 · cvss 6.5 · epss 0.03

    The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain…

  • CVE-2017-7549 · Medium · Sep 21, 2017
    risk 0.42 · cvss 6.4 · epss 0.00

    A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local…

  • CVE-2026-45384 · Medium · Jun 10, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in…

  • CVE-2026-40979 · Medium · Apr 28, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

  • CVE-2016-9595 · High · Jul 27, 2018
    risk 0.40 · cvss 7.3 · epss 0.00

    A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

  • CVE-2026-49135 · High · Jun 1, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the…

  • CVE-2026-49134 · High · Jun 1, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a…

  • CVE-2024-45339 · High · Jan 28, 2025
    risk 0.39 · cvss 7.1 · epss 0.00

    When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink…