Common Weakness Enumeration

CWE-378

Allowed

Creation of Temporary File With Insecure Permissions

Abstraction: Base · Status: Draft

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

85 vulnerabilities reference this CWE, most recent first.

GHSA-GHG9-7QFG-HXJ6

Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-01-13 18:31
VLAI
Details

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-46684"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-378"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-13T17:15:57Z",
    "severity": "MODERATE"
  },
  "details": "Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering.",
  "id": "GHSA-ghg9-7qfg-hxj6",
  "modified": "2026-01-13T18:31:07Z",
  "published": "2026-01-13T18:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46684"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000401506/dsa-2025-456"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H732-87V7-7449

Vulnerability from github – Published: 2024-12-25 18:30 – Updated: 2024-12-25 18:30
VLAI
Details

Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-52543"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-378",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-25T16:15:22Z",
    "severity": "MODERATE"
  },
  "details": "Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.",
  "id": "GHSA-h732-87v7-7449",
  "modified": "2024-12-25T18:30:45Z",
  "published": "2024-12-25T18:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52543"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000258904/dsa-2024-488-security-update-for-dell-nativeedge-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HPV8-9RQ5-HQ7W

Vulnerability from github – Published: 2021-03-11 03:09 – Updated: 2022-10-25 20:35
VLAI
Summary
Generated Code Contains Local Information Disclosure Vulnerability
Details

Impact

This vulnerability impacts generated code. If this code was generated as a one-off occasion, not as a part of an automated CI/CD process, this code will remain vulnerable until fixed manually!

On Unix-Like systems, the system temporary directory is shared between all local users. When files/directories are created, the default umask settings for the process are respected. As a result, by default, most processes/apis will create files/directories with the permissions -rw-r--r-- and drwxr-xr-x respectively, unless an API that explicitly sets safe file permissions is used.

Java Code

The method File.createTempFile from the JDK is vulnerable to this local information disclosure vulnerability.

  • https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-codegen/src/main/resources/kotlin-client/infrastructure/ApiClient.kt.mustache#L209
  • https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-codegen/src/main/resources/finch/api.mustache#L84
  • https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-codegen/src/main/resources/Java/libraries/okhttp-gson/ApiClient.mustache#L831-L834
  • https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-codegen/src/main/resources/Java/libraries/jersey2/ApiClient.mustache#L630-L633

Patches

Fix has been applied to the master branch with:

  • https://github.com/swagger-api/swagger-codegen/commit/35adbd552d5f99b3ff1e0e59da228becc85190f2

included in release: 2.4.19

Workarounds

Users can remediate the vulnerability in non patched version by manually (or programmatically e.g. in CI) updating the generated source code to use java.nio.files.Files temporary file creation instead of java.io.File, e.g. by changing


    if (tempFolderPath == null)
      return File.createTempFile(prefix, suffix);
    else
      return File.createTempFile(prefix, suffix, new File(tempFolderPath));

to


    if (tempFolderPath == null)
      return Files.createTempFile(prefix, suffix).toFile();
    else
      return Files.createTempFile(Paths.get(tempFolderPath), prefix, suffix).toFile();

or generally changing:


File.createTempFile(prefix, suffix);

to


Files.createTempFile(prefix, suffix).toFile();

References

For more information

If you have any questions or comments about this advisory:

Original vulnerability report

I'm performing OSS security research under the GitHub Security Lab Bug Bounty program. I've been using a custom CodeQL query to find local temporary directory vulnerabilities in OSS with three custom CodeQL queries.

  • https://github.com/github/codeql/pull/4388/files#diff-71d36c0f2bd0b08e32866f873f1c906cdc17277e0ad327c0c6cd2c882f30de4f
  • https://github.com/github/codeql/pull/4388/files#diff-1893a18a8bf43c011d61a7889d0139b998a5a78701a30fe7722eddd4c506aaac
  • https://github.com/github/codeql/pull/4473

The code generated by the Swagger Generator contains a local information disclosure vulnerability. The system temporary directory, on unix-like systems is shared between multiple users. Information written to this directory, or directories created under this directory that do not correctly set the posix standard permissions can have these directories read/modified by other users.


This code exists in the code generator, in the generated code.

In this case, I believe this is only a local information disclosure. IE. another user can read the information, not replace it.

In particular, the method File.createTempFile from the JDK is vulnerable to this local information disclosure vulnerability.

This is because File.createTempFile creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system.

  • https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-codegen/src/main/resources/kotlin-client/infrastructure/ApiClient.kt.mustache#L209
  • https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-codegen/src/main/resources/finch/api.mustache#L84
  • https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-codegen/src/main/resources/Java/libraries/okhttp-gson/ApiClient.mustache#L831-L834
  • https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-codegen/src/main/resources/Java/libraries/jersey2/ApiClient.mustache#L630-L633

The fix here is to switch to the Files API, instead of File as that appropriately sets the file permissions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.swagger:swagger-codegen"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21364"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-378",
      "CWE-732"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-11T03:08:54Z",
    "nvd_published_at": "2021-03-11T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\n**This vulnerability impacts generated code.** If this code was generated as a one-off occasion, not as a part of an automated CI/CD process, this code will remain vulnerable until fixed manually!\n\nOn Unix-Like systems, the system temporary directory is shared between all local users. When files/directories are created, the default `umask` settings for the process are respected. As a result, by default, most processes/apis will create files/directories with the permissions `-rw-r--r--` and `drwxr-xr-x` respectively, unless an API that explicitly sets safe file permissions is used.\n\n#### Java Code\n\nThe method `File.createTempFile` from the JDK is vulnerable to this local information disclosure vulnerability.\n\n- https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-codegen/src/main/resources/kotlin-client/infrastructure/ApiClient.kt.mustache#L209\n- https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-codegen/src/main/resources/finch/api.mustache#L84\n- https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-codegen/src/main/resources/Java/libraries/okhttp-gson/ApiClient.mustache#L831-L834\n- https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-codegen/src/main/resources/Java/libraries/jersey2/ApiClient.mustache#L630-L633\n\n### Patches\n\nFix has been applied to the master branch with:\n\n* https://github.com/swagger-api/swagger-codegen/commit/35adbd552d5f99b3ff1e0e59da228becc85190f2\n\nincluded in release: 2.4.19\n\n\n### Workarounds\n\nUsers can remediate the vulnerability in non patched version by manually (or programmatically e.g. in CI) updating the generated source code to use `java.nio.files.Files` temporary file creation instead of `java.io.File`, e.g. by changing\n\n```java\n\n    if (tempFolderPath == null)\n      return File.createTempFile(prefix, suffix);\n    else\n      return File.createTempFile(prefix, suffix, new File(tempFolderPath));\n\n```\n\nto \n\n```java\n\n    if (tempFolderPath == null)\n      return Files.createTempFile(prefix, suffix).toFile();\n    else\n      return Files.createTempFile(Paths.get(tempFolderPath), prefix, suffix).toFile();\n\n```\n\nor generally changing:\n\n```java\n\nFile.createTempFile(prefix, suffix);\n\n```\n\nto \n\n```java\n\nFiles.createTempFile(prefix, suffix).toFile();\n\n```\n\n### References\n\n* [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html)\n* [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html)\n* [CWE-732: Incorrect Permission Assignment for Critical Resource](https://cwe.mitre.org/data/definitions/732.html)\n\n### For more information\nIf you have any questions or comments about this advisory:\n\n* Email us at [security@swagger.io](mailto:security@swagger.io)\n\n#### Original vulnerability report\n\n\u003e I\u0027m performing OSS security research under the GitHub Security Lab Bug Bounty program.\n\u003e I\u0027ve been using a custom CodeQL query to find local temporary directory vulnerabilities in OSS with three custom CodeQL queries.\n\u003e \n\u003e - https://github.com/github/codeql/pull/4388/files#diff-71d36c0f2bd0b08e32866f873f1c906cdc17277e0ad327c0c6cd2c882f30de4f\n\u003e - https://github.com/github/codeql/pull/4388/files#diff-1893a18a8bf43c011d61a7889d0139b998a5a78701a30fe7722eddd4c506aaac\n\u003e - https://github.com/github/codeql/pull/4473\n\u003e \n\u003e The code generated by the Swagger Generator contains a local information disclosure vulnerability. The system temporary directory, on unix-like systems is shared between multiple users. Information written to this directory, or directories created under this directory that do not correctly set the posix standard permissions can have these directories read/modified by other users.\n\u003e \n\u003e ---\n\u003e \n\u003e This code exists in the code generator, in the generated code.\n\u003e \n\u003e In this case, I believe this is only a local information disclosure. IE. another user can read the information, not replace it.\n\u003e \n\u003e In particular, the method `File.createTempFile` from the JDK is vulnerable to this local information disclosure vulnerability.\n\u003e \n\u003e This is because `File.createTempFile` creates a file inside of the system temporary directory with the permissions: `-rw-r--r--`. Thus the contents of this file are viewable by all other users locally on the system.\n\u003e \n\u003e - https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-codegen/src/main/resources/kotlin-client/infrastructure/ApiClient.kt.mustache#L209\n\u003e - https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-codegen/src/main/resources/finch/api.mustache#L84\n\u003e - https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-codegen/src/main/resources/Java/libraries/okhttp-gson/ApiClient.mustache#L831-L834\n\u003e - https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-codegen/src/main/resources/Java/libraries/jersey2/ApiClient.mustache#L630-L633\n\u003e \n\u003e The fix here is to switch to the `Files` API, instead of `File` as that appropriately sets the file permissions.\n\u003e ",
  "id": "GHSA-hpv8-9rq5-hq7w",
  "modified": "2022-10-25T20:35:54Z",
  "published": "2021-03-11T03:09:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-hpv8-9rq5-hq7w"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21364"
    },
    {
      "type": "WEB",
      "url": "https://github.com/swagger-api/swagger-codegen/commit/35adbd552d5f99b3ff1e0e59da228becc85190f2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Generated Code Contains Local Information Disclosure Vulnerability"
}

GHSA-J75R-VF64-6RRH

Vulnerability from github – Published: 2023-02-24 18:30 – Updated: 2023-03-07 04:03
VLAI
Summary
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions
Details

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.quarkus.resteasy.reactive:resteasy-reactive-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.0.Alpha4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-0481"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-378",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-24T19:55:15Z",
    "nvd_published_at": "2023-02-24T18:15:00Z",
    "severity": "LOW"
  },
  "details": "In RestEasy Reactive implementation of Quarkus the insecure `File.createTempFile()` is used in the `FileBodyHandler` class which creates temp files with insecure permissions that could be read by a local user.",
  "id": "GHSA-j75r-vf64-6rrh",
  "modified": "2023-03-07T04:03:37Z",
  "published": "2023-02-24T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0481"
    },
    {
      "type": "WEB",
      "url": "https://github.com/quarkusio/quarkus/pull/30694"
    },
    {
      "type": "WEB",
      "url": "https://github.com/quarkusio/quarkus/commit/95d5904f7cf18c8165b97d8ca03b203d7f69c17e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/quarkusio/quarkus"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions"
}

GHSA-JC2V-4568-J7G2

Vulnerability from github – Published: 2024-08-01 15:32 – Updated: 2024-08-01 15:32
VLAI
Details

A vulnerability was found in Point B Ltd Getscreen Agent 2.19.6 on Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file getscreen.msi of the component Installation. The manipulation leads to creation of temporary file with insecure permissions. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-273337 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but was not able to provide a technical response in time.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7358"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-378"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-01T14:15:03Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in Point B Ltd Getscreen Agent 2.19.6 on Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file getscreen.msi of the component Installation. The manipulation leads to creation of temporary file with insecure permissions. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-273337 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but was not able to provide a technical response in time.",
  "id": "GHSA-jc2v-4568-j7g2",
  "modified": "2024-08-01T15:32:20Z",
  "published": "2024-08-01T15:32:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7358"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SaumyajeetDas/Vulnerability/tree/main/GetScreen"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.273337"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.273337"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.374979"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JHHR-8858-58W9

Vulnerability from github – Published: 2024-07-19 18:31 – Updated: 2024-08-01 15:32
VLAI
Details

Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41601"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-277",
      "CWE-378"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-19T17:15:03Z",
    "severity": "HIGH"
  },
  "details": "Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component.",
  "id": "GHSA-jhhr-8858-58w9",
  "modified": "2024-08-01T15:32:06Z",
  "published": "2024-07-19T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41601"
    },
    {
      "type": "WEB",
      "url": "https://github.com/topsky979/Security-Collections/tree/main/CVE-2024-41601"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JRMH-V64J-MJM9

Vulnerability from github – Published: 2023-02-18 00:31 – Updated: 2025-01-15 18:56
VLAI
Summary
Duplicate Advisory: Insecure Temporary File in RESTEasy
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-2c6g-pfx3-w7h8. This link is maintained to preserve external references.

Original Description

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jboss.resteasy:resteasy-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.7.8.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jboss.resteasy:resteasy-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0.Alpha1"
            },
            {
              "fixed": "5.0.6.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jboss.resteasy:resteasy-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0.Beta1"
            },
            {
              "fixed": "6.2.3.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jboss.resteasy:resteasy-multipart-provider"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.7.8.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jboss.resteasy:resteasy-multipart-provider"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0.Alpha1"
            },
            {
              "fixed": "5.0.6.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jboss.resteasy:resteasy-multipart-provider"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0.Beta1"
            },
            {
              "fixed": "6.2.3.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-378"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-18T02:18:19Z",
    "nvd_published_at": "2023-02-17T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-2c6g-pfx3-w7h8. This link is maintained to preserve external references.\n\n# Original Description\nIn RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.",
  "id": "GHSA-jrmh-v64j-mjm9",
  "modified": "2025-01-15T18:56:33Z",
  "published": "2023-02-18T00:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482"
    },
    {
      "type": "WEB",
      "url": "https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56"
    },
    {
      "type": "WEB",
      "url": "https://github.com/orgs/resteasy/discussions/3415"
    },
    {
      "type": "WEB",
      "url": "https://github.com/orgs/resteasy/discussions/3504"
    },
    {
      "type": "WEB",
      "url": "https://github.com/orgs/resteasy/discussions/3506"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/resteasy/Resteasy"
    },
    {
      "type": "WEB",
      "url": "https://issues.redhat.com/browse/RESTEASY-3286"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230427-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: Insecure Temporary File in RESTEasy",
  "withdrawn": "2025-01-15T18:56:33Z"
}

GHSA-M68Q-4HQR-MC6F

Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2026-01-15 12:30
VLAI
Summary
Podman Creates Temporary File with Insecure Permissions
Details

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containers/podman/v5"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "5.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-4953"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-378"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-16T20:21:02Z",
    "nvd_published_at": "2025-09-16T15:15:45Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.",
  "id": "GHSA-m68q-4hqr-mc6f",
  "modified": "2026-01-15T12:30:25Z",
  "published": "2025-09-16T15:32:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4953"
    },
    {
      "type": "WEB",
      "url": "https://github.com/containers/podman/pull/25173"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/containers/podman"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367235"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-4953"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:0316"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:2703"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:23113"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:22732"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:22724"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:22695"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:22275"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:22265"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:17669"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:16729"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:16724"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:15904"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:8690"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Podman Creates Temporary File with Insecure Permissions"
}

GHSA-P74H-FJJV-JRM8

Vulnerability from github – Published: 2024-07-09 12:30 – Updated: 2024-07-09 12:30
VLAI
Details

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39872"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-378"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-09T12:15:19Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the \u0027Manage firmware updates\u0027 role to escalate their privileges on the underlying OS level.",
  "id": "GHSA-p74h-fjjv-jrm8",
  "modified": "2024-07-09T12:30:57Z",
  "published": "2024-07-09T12:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39872"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-PC22-3G76-GM6J

Vulnerability from github – Published: 2021-03-11 03:09 – Updated: 2021-03-22 23:45
VLAI
Summary
Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory
Details

Impact

On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory.

This vulnerability is local privilege escalation because the contents of the outputFolder can be appended to by an attacker. As such, code written to this directory, when executed can be attacker controlled.

Java Code

The method File.createTempFile from the JDK is vulnerable to this local information disclosure vulnerability.

https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-generator/src/main/java/io/swagger/generator/online/Generator.java#L174-L185

Patches

Fix has been applied to the master branch with:

  • https://github.com/swagger-api/swagger-codegen/commit/987ea7a30b463cc239580d6ad166c707ae942a89

included in release: 2.4.19

References

For more information

If you have any questions or comments about this advisory:

Original vulnerability report

I'm performing OSS security research under the GitHub Security Lab Bug Bounty program. I've been using a custom CodeQL query to find local temporary directory vulnerabilities in OSS with three custom CodeQL queries.

  • https://github.com/github/codeql/pull/4388/files#diff-71d36c0f2bd0b08e32866f873f1c906cdc17277e0ad327c0c6cd2c882f30de4f
  • https://github.com/github/codeql/pull/4388/files#diff-1893a18a8bf43c011d61a7889d0139b998a5a78701a30fe7722eddd4c506aaac
  • https://github.com/github/codeql/pull/4473

The code generated by the Swagger Generator contains a local information disclosure vulnerability. The system temporary directory, on unix-like systems is shared between multiple users. Information written to this directory, or directories created under this directory that do not correctly set the posix standard permissions can have these directories read/modified by other users.


This vulnerability exists in the maven plugin.

This vulnerability is distinctly different. This vulnerability is most likely a local privilege escalation vulnerability.

https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-generator/src/main/java/io/swagger/generator/online/Generator.java#L174-L185

This vulnerability is very similar to this similar vulnerability I disclosed in the Eclipse Jetty project.

https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6

This is due to a race condition between the call to delete and the call to mkdirs.

java // ensure file will always be unique by appending random digits File outputFolder = File.createTempFile("codegen-", "-tmp"); // Attacker knows the full path of the file that will be generated // delete the file that was created outputFolder.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Swagger Code Generator. // and make a directory of the same name // SECURITY VULNERABILITY: Race Condition! - Attacker beats Swagger Code Generator and now owns this directory outputFolder.mkdirs();

This vulnerability is local privilege escalation because the contents of the outputFolder can be appended to by an attacker. As such, code written to this directory, when executed can be attacker controlled.

The fix here is to switch to the Files API for creating temporary directories. Which does not contain this race condition, and appropriately sets the correct file permissions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.swagger:swagger-codegen"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-378",
      "CWE-379"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-11T03:07:41Z",
    "nvd_published_at": "2021-03-11T03:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\nOn Unix like systems, the system\u0027s temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. \n\nThis vulnerability is local privilege escalation because the contents of the `outputFolder` can be appended to by an attacker. As such, code written to this directory, when executed can be attacker controlled.\n\n#### Java Code\n\nThe method `File.createTempFile` from the JDK is vulnerable to this local information disclosure vulnerability.\n\nhttps://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-generator/src/main/java/io/swagger/generator/online/Generator.java#L174-L185\n\n\n### Patches\n\nFix has been applied to the master branch with:\n\n* https://github.com/swagger-api/swagger-codegen/commit/987ea7a30b463cc239580d6ad166c707ae942a89\n\nincluded in release: 2.4.19\n\n\n### References\n\n* [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html)\n* [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html)\n\n### For more information\nIf you have any questions or comments about this advisory:\n\n* Email us at [security@swagger.io](mailto:security@swagger.io)\n\n#### Original vulnerability report\n\n\u003e I\u0027m performing OSS security research under the GitHub Security Lab Bug Bounty program.\n\u003e I\u0027ve been using a custom CodeQL query to find local temporary directory vulnerabilities in OSS with three custom CodeQL queries.\n\u003e \n\u003e - https://github.com/github/codeql/pull/4388/files#diff-71d36c0f2bd0b08e32866f873f1c906cdc17277e0ad327c0c6cd2c882f30de4f\n\u003e - https://github.com/github/codeql/pull/4388/files#diff-1893a18a8bf43c011d61a7889d0139b998a5a78701a30fe7722eddd4c506aaac\n\u003e - https://github.com/github/codeql/pull/4473\n\u003e \n\u003e The code generated by the Swagger Generator contains a local information disclosure vulnerability. The system temporary directory, on unix-like systems is shared between multiple users. Information written to this directory, or directories created under this directory that do not correctly set the posix standard permissions can have these directories read/modified by other users.\n\u003e \n\u003e ---\n\u003e \n\u003e This vulnerability exists in the maven plugin.\n\u003e \n\u003e This vulnerability is distinctly different. This vulnerability is most likely a local privilege escalation vulnerability.\n\u003e \n\u003e https://github.com/swagger-api/swagger-codegen/blob/068b1ebcb7b04a48ad38f1cadd24bb3810c9f1ab/modules/swagger-generator/src/main/java/io/swagger/generator/online/Generator.java#L174-L185\n\u003e \n\u003e This vulnerability is very similar to this similar vulnerability I disclosed in the Eclipse Jetty project.\n\u003e \n\u003e https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6\n\u003e \n\u003e This is due to a race condition between the call to `delete` and the call to `mkdirs`.\n\u003e \n\u003e ```java\n\u003e // ensure file will always be unique by appending random digits\n\u003e File outputFolder = File.createTempFile(\"codegen-\", \"-tmp\"); // Attacker knows the full path of the file that will be generated\n\u003e // delete the file that was created\n\u003e outputFolder.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Swagger Code Generator.\n\u003e // and make a directory of the same name\n\u003e // SECURITY VULNERABILITY: Race Condition! - Attacker beats Swagger Code Generator and now owns this directory\n\u003e outputFolder.mkdirs();\n\u003e ```\n\u003e \n\u003e This vulnerability is local privilege escalation because the contents of the `outputFolder` can be appended to by an attacker. As such, code written to this directory, when executed can be attacker controlled.\n\u003e \n\u003e The fix here is to switch to the `Files` API for creating temporary directories. Which does not contain this race condition, and appropriately sets the correct file permissions.\n\u003e ",
  "id": "GHSA-pc22-3g76-gm6j",
  "modified": "2021-03-22T23:45:20Z",
  "published": "2021-03-11T03:09:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-pc22-3g76-gm6j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21363"
    },
    {
      "type": "WEB",
      "url": "https://github.com/swagger-api/swagger-codegen/commit/987ea7a30b463cc239580d6ad166c707ae942a89"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory"
}

Mitigation
Requirements

Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.

Mitigation
Implementation

Ensure that you use proper file permissions. This can be achieved by using a safe temp file function. Temporary files should be writable and readable only by the process that owns the file.

Mitigation
Implementation

Randomize temporary file names. This can also be achieved by using a safe temp-file function. This will ensure that temporary files will not be created in predictable places.

No CAPEC attack patterns related to this CWE.