VYPR

CWE-377

Insecure Temporary File

ClassIncomplete

Description

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-149 · CAPEC-155

CVEs mapped to this weakness (63)

page 4 of 4
  • CVE-2013-0162Mar 1, 2013
    risk 0.00cvss epss 0.00

    The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

  • CVE-2012-1906May 29, 2012
    risk 0.00cvss epss 0.00

    Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or…

  • CVE-2008-7252Jan 19, 2010
    risk 0.00cvss epss 0.03

    libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.