Common Weakness Enumeration

CWE-377

Allowed-with-Review

Insecure Temporary File

Abstraction: Class · Status: Incomplete

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

170 vulnerabilities reference this CWE, most recent first.

GHSA-MQ4F-242H-V9HJ

Vulnerability from github – Published: 2024-03-08 03:31 – Updated: 2026-04-02 21:31
VLAI
Details

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23287"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-08T02:15:50Z",
    "severity": "MODERATE"
  },
  "details": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data.",
  "id": "GHSA-mq4f-242h-v9hj",
  "modified": "2026-04-02T21:31:38Z",
  "published": "2024-03-08T03:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23287"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120881"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120893"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120895"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214081"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214084"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214088"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214081"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214084"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214088"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P4JG-PCCF-H82C

Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-06 23:57
VLAI
Summary
Insecure Temporary File in SWHKD
Details

SWHKD is a display protocol-independent hotkey daemon made in Rust. In SWHKD versions 1.1.5 and prior, SWHKD uses the /tmp/swhkd.pid pathname. As /tmp is accessible to all users, there can be an information leak or denial of service. No known workarounds exist. A patch is available on the 1.1.0 branch of the repository.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "Simple-Wayland-HotKey-Daemon"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-27815"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377",
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-01T15:15:36Z",
    "nvd_published_at": "2022-03-30T00:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "SWHKD is a display protocol-independent hotkey daemon made in Rust. In SWHKD versions 1.1.5 and prior, SWHKD uses the /tmp/swhkd.pid pathname. As /tmp is accessible to all users, there can be an information leak or denial of service. No known workarounds exist. A patch is available on the `1.1.0` branch of the repository.",
  "id": "GHSA-p4jg-pccf-h82c",
  "modified": "2022-04-06T23:57:05Z",
  "published": "2022-03-31T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27815"
    },
    {
      "type": "WEB",
      "url": "https://github.com/waycrate/swhkd/commit/e661a4940df78fbb7b52c622ac4ae6a3a7f7d8aa"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/waycrate/swhkd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/waycrate/swhkd/releases"
    },
    {
      "type": "WEB",
      "url": "https://github.com/waycrate/swhkd/releases/tag/1.2.0"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/04/14/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insecure Temporary File in SWHKD"
}

GHSA-P6FP-WHJX-7G5M

Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-23 00:00
VLAI
Details

A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46705"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-16T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.",
  "id": "GHSA-p6fp-whjx-7g5m",
  "modified": "2022-03-23T00:00:34Z",
  "published": "2022-03-17T00:00:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46705"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1190474"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P6RP-MX85-M459

Vulnerability from github – Published: 2024-01-31 09:30 – Updated: 2025-06-04 21:10
VLAI
Summary
Spring Cloud Contract vulnerable to local information disclosure
Details

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.cloud:spring-cloud-contract-shade"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.0"
            },
            {
              "fixed": "4.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.1.0"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.cloud:spring-cloud-contract-shade"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.cloud:spring-cloud-contract-shade"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-22236"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377",
      "CWE-732"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-31T18:07:41Z",
    "nvd_published_at": "2024-01-31T07:15:07Z",
    "severity": "LOW"
  },
  "details": "In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava\u00a0dependency in the org.springframework.cloud:spring-cloud-contract-shade\u00a0dependency.",
  "id": "GHSA-p6rp-mx85-m459",
  "modified": "2025-06-04T21:10:01Z",
  "published": "2024-01-31T09:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22236"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spring-cloud/spring-cloud-contract"
    },
    {
      "type": "WEB",
      "url": "https://spring.io/security/cve-2024-22236"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Spring Cloud Contract vulnerable to local information disclosure"
}

GHSA-PGJF-9QG9-F4GV

Vulnerability from github – Published: 2026-02-25 12:30 – Updated: 2026-02-25 12:30
VLAI
Details

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: * gain access to possible private information found in /var/lib/pcrlock.d * manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the integrity of the data should it be restored. *  overwrite protected system files with data from /var/lib/pcrlock.d by placing symlinks to existing files in the directory tree in /tmp/pcrlock.d.bak.

This issue affects sdbootutil: from ? before 5880246d3a02642dc68f5c8cb474bf63cdb56bca.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-25701"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-25T12:16:17Z",
    "severity": "HIGH"
  },
  "details": "An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to\u00a0pre-create a directory to achieve various effects like:\n  *  gain access to possible private information found in /var/lib/pcrlock.d\n  *  manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the integrity of the data should it be restored.\n  *  \u00a0overwrite protected system files with data from /var/lib/pcrlock.d by placing symlinks to existing files in the directory tree in /tmp/pcrlock.d.bak.\n\n\nThis issue affects sdbootutil: from ? before 5880246d3a02642dc68f5c8cb474bf63cdb56bca.",
  "id": "GHSA-pgjf-9qg9-f4gv",
  "modified": "2026-02-25T12:30:29Z",
  "published": "2026-02-25T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25701"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1258241"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-PH92-W482-M4JJ

Vulnerability from github – Published: 2024-03-11 00:30 – Updated: 2024-03-11 00:30
VLAI
Details

If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-2313"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-10T23:15:53Z",
    "severity": "LOW"
  },
  "details": "If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.",
  "id": "GHSA-ph92-w482-m4jj",
  "modified": "2024-03-11T00:30:45Z",
  "published": "2024-03-11T00:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2313"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998"
    },
    {
      "type": "WEB",
      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PV57-6VH7-F36C

Vulnerability from github – Published: 2025-11-13 21:31 – Updated: 2025-11-13 21:31
VLAI
Details

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-46368"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-13T20:15:49Z",
    "severity": "MODERATE"
  },
  "details": "Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.",
  "id": "GHSA-pv57-6vh7-f36c",
  "modified": "2025-11-13T21:31:19Z",
  "published": "2025-11-13T21:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46368"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000379467/dsa-2025-392"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q37P-CXJ4-XGFV

Vulnerability from github – Published: 2025-11-13 21:31 – Updated: 2025-11-13 21:31
VLAI
Details

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-46369"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-13T20:15:50Z",
    "severity": "HIGH"
  },
  "details": "Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation.",
  "id": "GHSA-q37p-cxj4-xgfv",
  "modified": "2025-11-13T21:31:19Z",
  "published": "2025-11-13T21:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46369"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000379467/dsa-2025-392"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q4HM-FWC9-HMV6

Vulnerability from github – Published: 2021-06-16 17:53 – Updated: 2022-04-18 21:55
VLAI
Summary
Insecure temporary file used in com.squareup:connect
Details

This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded by downloadFileFromResponse will be visible to all other users on the local system. A workaround fix for this issue is to set the system property java.io.tmpdir to a safe directory as remediation. Note: This version of the SDK is end of life and no longer maintained, please upgrade to the latest version.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.squareup:connect"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.20191120.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23331"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-22T22:46:28Z",
    "nvd_published_at": "2021-02-03T18:15:00Z",
    "severity": "LOW"
  },
  "details": "This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded by downloadFileFromResponse will be visible to all other users on the local system. A workaround fix for this issue is to set the system property java.io.tmpdir to a safe directory as remediation. Note: This version of the SDK is end of life and no longer maintained, please upgrade to the latest version.",
  "id": "GHSA-q4hm-fwc9-hmv6",
  "modified": "2022-04-18T21:55:54Z",
  "published": "2021-06-16T17:53:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23331"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/square/connect-java-sdk"
    },
    {
      "type": "WEB",
      "url": "https://github.com/square/connect-java-sdk/blob/master/src/main/java/com/squareup/connect/ApiClient.java%23L613"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-COMSQUAREUP-1065988"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insecure temporary file used in com.squareup:connect"
}

GHSA-Q78X-RRX8-5M7Q

Vulnerability from github – Published: 2022-04-22 00:24 – Updated: 2022-04-22 00:24
VLAI
Details

caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-4119"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-26T13:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "caml-light \u003c= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install.",
  "id": "GHSA-q78x-rrx8-5m7q",
  "modified": "2022-04-22T00:24:29Z",
  "published": "2022-04-22T00:24:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4119"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/oss-sec/2011/q4/249"
    },
    {
      "type": "WEB",
      "url": "https://vuxml.freebsd.org/freebsd/9dde9dac-08f4-11e1-af36-003067b2972c.html"
    },
    {
      "type": "WEB",
      "url": "http://gnats.netbsd.org/45558"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

No mitigation information available for this CWE.

CAPEC-149: Explore for Predictable Temporary File Names

An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.

CAPEC-155: Screen Temporary Files for Sensitive Information

An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application's routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application's temporary files, an adversary might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the adversary could recover this from the web cache.