CWE-377
Allowed-with-ReviewInsecure Temporary File
Abstraction: Class · Status: Incomplete
Creating and using insecure temporary files can leave application and system data vulnerable to attack.
169 vulnerabilities reference this CWE, most recent first.
GHSA-VP9J-RGHQ-8JHH
Vulnerability from github – Published: 2022-02-09 21:59 – Updated: 2024-11-18 16:26An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.10.0a1"
},
{
"fixed": "2.10.0rc1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.9.12"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-10744"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-377",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-05T13:49:09Z",
"nvd_published_at": "2020-05-15T14:15:00Z",
"severity": "LOW"
},
"details": "An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.",
"id": "GHSA-vp9j-rghq-8jhh",
"modified": "2024-11-18T16:26:11Z",
"published": "2022-02-09T21:59:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10744"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/issues/69782"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/ffd3757fc35468a97791e452e7f2d14c3e3fcb80"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-vp9j-rghq-8jhh"
},
{
"type": "PACKAGE",
"url": "https://github.com/ansible/ansible"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-208.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"type": "CVSS_V4"
}
],
"summary": "Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible"
}
GHSA-VQJ2-4V8M-8VRQ
Vulnerability from github – Published: 2022-02-24 00:00 – Updated: 2024-09-30 20:52mlflow prior to 1.23.1 contains an insecure temporary file. The insecure function tempfile.mktemp() is deprecated and mkstemp() should be used instead.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "mlflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.23.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-0736"
],
"database_specific": {
"cwe_ids": [
"CWE-377",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2022-02-24T21:42:26Z",
"nvd_published_at": "2022-02-23T09:15:00Z",
"severity": "HIGH"
},
"details": "mlflow prior to 1.23.1 contains an insecure temporary file. The insecure function `tempfile.mktemp()` is deprecated and `mkstemp()` should be used instead.",
"id": "GHSA-vqj2-4v8m-8vrq",
"modified": "2024-09-30T20:52:09Z",
"published": "2022-02-24T00:00:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0736"
},
{
"type": "WEB",
"url": "https://github.com/mlflow/mlflow/commit/61984e6843d2e59235d82a580c529920cd8f3711"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-vqj2-4v8m-8vrq"
},
{
"type": "PACKAGE",
"url": "https://github.com/mlflow/mlflow"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2022-28.yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/e5384764-c583-4dec-a1d8-4697f4e12f75"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Insecure Temporary File in mlflow"
}
GHSA-W9XP-HQ72-9J37
Vulnerability from github – Published: 2024-11-13 15:31 – Updated: 2024-11-13 18:32Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem
{
"affected": [],
"aliases": [
"CVE-2024-49506"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-13T15:15:08Z",
"severity": "HIGH"
},
"details": "Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem",
"id": "GHSA-w9xp-hq72-9j37",
"modified": "2024-11-13T18:32:00Z",
"published": "2024-11-13T15:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49506"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49506"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-WWPQ-F5C3-7HVX
Vulnerability from github – Published: 2026-04-28 00:31 – Updated: 2026-05-06 19:00A local attacker on the same host as the application may be able to take control of the directory used by ApplicationTemp. When server.servlet.session.persistent is set to true and the attack persists across application restarts, this may allow the attacker to read session information and hijack authenticated users or deploy a gadget chain and execute code as the application's user.
Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); predictable temp directory / ApplicationTemp ownership verification. Versions that are no longer supported are also affected per vendor advisory.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot"
},
"ranges": [
{
"events": [
{
"introduced": "3.5.0"
},
{
"fixed": "3.5.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot"
},
"ranges": [
{
"events": [
{
"introduced": "3.4.0"
},
{
"last_affected": "3.4.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0"
},
{
"last_affected": "3.3.18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.7.32"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-40973"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-06T19:00:10Z",
"nvd_published_at": "2026-04-28T00:16:24Z",
"severity": "HIGH"
},
"details": "A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is set to `true` and the attack persists across application restarts, this may allow the attacker to read session information and hijack authenticated users or deploy a gadget chain and execute code as the application\u0027s user.\n\nAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14), 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u20132.7.32 (fix 2.7.33); predictable temp directory / `ApplicationTemp` ownership verification. Versions that are no longer supported are also affected per vendor advisory.",
"id": "GHSA-wwpq-f5c3-7hvx",
"modified": "2026-05-06T19:00:10Z",
"published": "2026-04-28T00:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40973"
},
{
"type": "PACKAGE",
"url": "https://github.com/spring-projects/spring-boot"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2026-40973"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Spring Boot accepts predictable temp directory without ownership verification"
}
GHSA-X5M6-JH4R-34MV
Vulnerability from github – Published: 2022-02-15 01:07 – Updated: 2023-07-05 20:53The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/github/hub"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "hub"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-0177"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-20T20:32:04Z",
"nvd_published_at": "2014-05-27T14:55:10Z",
"severity": "MODERATE"
},
"details": "The `am` function in `lib/hub/commands.rb` in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.",
"id": "GHSA-x5m6-jh4r-34mv",
"modified": "2023-07-05T20:53:41Z",
"published": "2022-02-15T01:07:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0177"
},
{
"type": "WEB",
"url": "https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600"
},
{
"type": "WEB",
"url": "https://github.com/mislav/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600"
},
{
"type": "PACKAGE",
"url": "https://github.com/mislav/hub"
},
{
"type": "WEB",
"url": "https://github.com/mislav/hub/releases/tag/v1.12.1"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hub/CVE-2014-0177.yml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Hub Package Arbitrary File Overwrite"
}
GHSA-X7J6-WH2H-FCWX
Vulnerability from github – Published: 2025-06-27 00:31 – Updated: 2025-07-02 15:30pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.
{
"affected": [],
"aliases": [
"CVE-2015-0849"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-26T22:15:24Z",
"severity": "LOW"
},
"details": "pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.",
"id": "GHSA-x7j6-wh2h-fcwx",
"modified": "2025-07-02T15:30:35Z",
"published": "2025-06-27T00:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0849"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/790365"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XF2W-RWCJ-Q83W
Vulnerability from github – Published: 2022-12-28 21:30 – Updated: 2023-01-06 21:30A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216988.
{
"affected": [],
"aliases": [
"CVE-2022-4817"
],
"database_specific": {
"cwe_ids": [
"CWE-377",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-28T19:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216988.",
"id": "GHSA-xf2w-rwcj-q83w",
"modified": "2023-01-06T21:30:42Z",
"published": "2022-12-28T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4817"
},
{
"type": "WEB",
"url": "https://github.com/centic9/jgit-cookbook/pull/86"
},
{
"type": "WEB",
"url": "https://github.com/centic9/jgit-cookbook/commit/b8cb29b43dc704708d598c60ac1881db7cf8e9c3"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.216988"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.216988"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XWW5-GGV5-G549
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2023-01-19 15:30A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1.
{
"affected": [],
"aliases": [
"CVE-2021-25316"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-14T10:15:00Z",
"severity": "LOW"
},
"details": "A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1.",
"id": "GHSA-xww5-ggv5-g549",
"modified": "2023-01-19T15:30:31Z",
"published": "2022-05-24T17:47:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25316"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1182777"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-XXWQ-XF8C-V665
Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-23 00:00A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.
{
"affected": [],
"aliases": [
"CVE-2022-21945"
],
"database_specific": {
"cwe_ids": [
"CWE-377"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-16T10:15:00Z",
"severity": "MODERATE"
},
"details": "A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.",
"id": "GHSA-xxwq-xf8c-v665",
"modified": "2022-03-23T00:00:33Z",
"published": "2022-03-17T00:00:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21945"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1196446"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-149: Explore for Predictable Temporary File Names
An attacker explores a target to identify the names and locations of predictable temporary files for the purpose of launching further attacks against the target. This involves analyzing naming conventions and storage locations of the temporary files created by a target application. If an attacker can predict the names of temporary files they can use this information to mount other attacks, such as information gathering and symlink attacks.
CAPEC-155: Screen Temporary Files for Sensitive Information
An adversary exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application's routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application's temporary files, an adversary might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the adversary could recover this from the web cache.