CWE-379
AllowedCreation of Temporary File in Directory with Insecure Permissions
Abstraction: Base · Status: Incomplete
The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.
112 vulnerabilities reference this CWE, most recent first.
GHSA-HH2W-28R4-MPW7
Vulnerability from github – Published: 2024-06-11 18:30 – Updated: 2024-08-01 15:31Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root via a directory traversal.
{
"affected": [],
"aliases": [
"CVE-2024-36821"
],
"database_specific": {
"cwe_ids": [
"CWE-379",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-11T18:15:13Z",
"severity": "HIGH"
},
"details": "Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root via a directory traversal.",
"id": "GHSA-hh2w-28r4-mpw7",
"modified": "2024-08-01T15:31:48Z",
"published": "2024-06-11T18:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36821"
},
{
"type": "WEB",
"url": "https://downloads.linksys.com/support/assets/releasenotes/WHW01_VLP01_1.1.13.202617_Customer_Release_Notes.txt"
},
{
"type": "WEB",
"url": "https://github.com/IvanGlinkin/CVE-2024-36821"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J6MG-G6PW-7WX6
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected by a Privilege Escalation vulnerability during installation. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary file system write in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-21100"
],
"database_specific": {
"cwe_ids": [
"CWE-379"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-15T14:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected by a Privilege Escalation vulnerability during installation. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary file system write in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-j6mg-g6pw-7wx6",
"modified": "2022-05-24T17:47:41Z",
"published": "2022-05-24T17:47:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21100"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-26.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JFGX-WXX8-MP94
Vulnerability from github – Published: 2026-06-17 13:55 – Updated: 2026-06-17 13:55Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts
Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary directory could prepare the expected package location before another user runs pi with a temporary extension package source. Pi could then load attacker-controlled extension code in the victim user's process.
Info
The vulnerable code path affected temporary extension package sources loaded with --extension or -e, specifically npm and git package sources. The temporary npm install root and temporary git clone paths were deterministic and rooted under os.tmpdir()/pi-extensions. The path was derived from public source information rather than from a per-user private directory or an unpredictable temporary directory.
During resource resolution, pi considered an npm package or git checkout present if the expected package path already existed. Extension resources discovered from that package location were then loaded by the extension loader. Because extensions execute with the same privileges as the invoking pi process, pre-created temporary package contents could execute as the victim user.
The issue primarily affects Linux-based multi-user hosts where the operating system temporary directory is shared across user accounts, such as shared development machines, CI runners, HPC login nodes, and similar environments. On Windows and macOS, the default temporary directory is typically user-scoped, so default configurations are not expected to be affected unless the temporary directory is overridden to a shared writable location.
Impact
A local attacker with access to the same host can exploit this only if a victim runs a vulnerable pi version with a temporary npm or git extension package source that maps to the attacker-prepared location. No network attack path is involved and no race must be won, but victim interaction is required.
Successful exploitation can allow arbitrary extension code execution as the victim user. This can expose or modify files accessible to that user and can also cause denial of service or data loss through malicious package contents or unsafe temporary cache entries.
Affected versions
@earendil-works/pi-coding-agent: affected>= 0.74.0, < 0.78.1; patched>= 0.78.1@mariozechner/pi-coding-agent: affected>= 0.50.0, <= 0.73.1; no patched version was released under the old package name. Migrate to@earendil-works/pi-coding-agent >= 0.78.1.
The solution
Version 0.78.1 moves temporary extension package installs to a private per-user directory under ~/.pi/agent/tmp/extensions and enforces 0700 permissions on that directory. The same release also hardens git package source path handling so managed clone paths remain inside their intended install roots.
Recommendations
Upgrade to @earendil-works/pi-coding-agent version 0.78.1 or later. Users of the deprecated @mariozechner/pi-coding-agent package should migrate to the @earendil-works/pi-coding-agent package and upgrade to a fixed version.
On shared Linux hosts, avoid using temporary npm or git extension package sources with vulnerable versions. Review any third-party extensions before loading them, because pi extensions run with full access to the invoking user's account.
Workarounds
If upgrading immediately is not possible, avoid --extension or -e with npm or git package sources on shared Linux systems. As an additional mitigation for vulnerable versions, configure the process temporary directory environment to point at a directory owned by the invoking user with 0700 permissions before starting pi.
Timeline
- 2026-05-29: Report received
- 2026-06-02: Fix committed
- 2026-06-04: Fixed version 0.78.1 released
- 2026-06-08: Advisory prepared for publication
Credits
Reported by Paul Urian and Cosmin Alexa of CrowdStrike.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@earendil-works/pi-coding-agent"
},
"ranges": [
{
"events": [
{
"introduced": "0.74.0"
},
{
"fixed": "0.78.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@mariozechner/pi-coding-agent"
},
"ranges": [
{
"events": [
{
"introduced": "0.50.0"
},
{
"last_affected": "0.73.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54328"
],
"database_specific": {
"cwe_ids": [
"CWE-379"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-17T13:55:13Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "# Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts\n\nPi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary directory could prepare the expected package location before another user runs pi with a temporary extension package source. Pi could then load attacker-controlled extension code in the victim user\u0027s process.\n\n## Info\n\nThe vulnerable code path affected temporary extension package sources loaded with `--extension` or `-e`, specifically npm and git package sources. The temporary npm install root and temporary git clone paths were deterministic and rooted under `os.tmpdir()/pi-extensions`. The path was derived from public source information rather than from a per-user private directory or an unpredictable temporary directory.\n\nDuring resource resolution, pi considered an npm package or git checkout present if the expected package path already existed. Extension resources discovered from that package location were then loaded by the extension loader. Because extensions execute with the same privileges as the invoking pi process, pre-created temporary package contents could execute as the victim user.\n\nThe issue primarily affects Linux-based multi-user hosts where the operating system temporary directory is shared across user accounts, such as shared development machines, CI runners, HPC login nodes, and similar environments. On Windows and macOS, the default temporary directory is typically user-scoped, so default configurations are not expected to be affected unless the temporary directory is overridden to a shared writable location.\n\n## Impact\n\nA local attacker with access to the same host can exploit this only if a victim runs a vulnerable pi version with a temporary npm or git extension package source that maps to the attacker-prepared location. No network attack path is involved and no race must be won, but victim interaction is required.\n\nSuccessful exploitation can allow arbitrary extension code execution as the victim user. This can expose or modify files accessible to that user and can also cause denial of service or data loss through malicious package contents or unsafe temporary cache entries.\n\n## Affected versions\n\n- `@earendil-works/pi-coding-agent`: affected `\u003e= 0.74.0, \u003c 0.78.1`; patched `\u003e= 0.78.1`\n- `@mariozechner/pi-coding-agent`: affected `\u003e= 0.50.0, \u003c= 0.73.1`; no patched version was released under the old package name. Migrate to `@earendil-works/pi-coding-agent \u003e= 0.78.1`.\n\n## The solution\n\nVersion 0.78.1 moves temporary extension package installs to a private per-user directory under `~/.pi/agent/tmp/extensions` and enforces `0700` permissions on that directory. The same release also hardens git package source path handling so managed clone paths remain inside their intended install roots.\n\n## Recommendations\n\nUpgrade to `@earendil-works/pi-coding-agent` version 0.78.1 or later. Users of the deprecated `@mariozechner/pi-coding-agent` package should migrate to the `@earendil-works/pi-coding-agent` package and upgrade to a fixed version.\n\nOn shared Linux hosts, avoid using temporary npm or git extension package sources with vulnerable versions. Review any third-party extensions before loading them, because pi extensions run with full access to the invoking user\u0027s account.\n\n## Workarounds\n\nIf upgrading immediately is not possible, avoid `--extension` or `-e` with npm or git package sources on shared Linux systems. As an additional mitigation for vulnerable versions, configure the process temporary directory environment to point at a directory owned by the invoking user with `0700` permissions before starting pi.\n\n## Timeline\n\n- 2026-05-29: Report received\n- 2026-06-02: Fix committed\n- 2026-06-04: Fixed version 0.78.1 released\n- 2026-06-08: Advisory prepared for publication\n\n## Credits\n\nReported by Paul Urian and Cosmin Alexa of CrowdStrike.",
"id": "GHSA-jfgx-wxx8-mp94",
"modified": "2026-06-17T13:55:13Z",
"published": "2026-06-17T13:55:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/earendil-works/pi/security/advisories/GHSA-jfgx-wxx8-mp94"
},
{
"type": "WEB",
"url": "https://github.com/earendil-works/pi/pull/5345"
},
{
"type": "WEB",
"url": "https://github.com/earendil-works/pi/commit/a98e087e5d08ea2a536bf73dbb0aebb87c3ef72e"
},
{
"type": "WEB",
"url": "https://github.com/earendil-works/pi/commit/ea3465a8e371a12d0167a06b60f93878e3a3df44"
},
{
"type": "PACKAGE",
"url": "https://github.com/earendil-works/pi"
},
{
"type": "WEB",
"url": "https://github.com/earendil-works/pi/releases/tag/v0.78.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Pi Agent: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts"
}
GHSA-JMGM-GX32-VP4W
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-21 18:49A vulnerability in the default_jsonalyzer function of the JSONalyzeQueryEngine in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the latest version and is fixed in version 0.12.3.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "llama-index"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.12.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-12911"
],
"database_specific": {
"cwe_ids": [
"CWE-379",
"CWE-89"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-21T18:49:08Z",
"nvd_published_at": "2025-03-20T10:15:32Z",
"severity": "HIGH"
},
"details": "A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the latest version and is fixed in version 0.12.3.",
"id": "GHSA-jmgm-gx32-vp4w",
"modified": "2025-03-21T18:49:08Z",
"published": "2025-03-20T12:32:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12911"
},
{
"type": "WEB",
"url": "https://github.com/run-llama/llama_index/commit/bf282074e20e7dafd5e2066137dcd4cd17c3fb9e"
},
{
"type": "PACKAGE",
"url": "https://github.com/run-llama/llama_index"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/095f9e67-311d-494c-99c5-5e61a0adb8f3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
],
"summary": "LlamaIndex vulnerable to Creation of Temporary File in Directory with Insecure Permissions"
}
GHSA-JXWM-WCQC-FGCC
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction.
{
"affected": [],
"aliases": [
"CVE-2021-21068"
],
"database_specific": {
"cwe_ids": [
"CWE-379"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-12T19:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction.",
"id": "GHSA-jxwm-wcqc-fgcc",
"modified": "2022-05-24T17:44:28Z",
"published": "2022-05-24T17:44:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21068"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MM62-QGR2-384Q
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Exploitation of this issue requires local access, administrator privileges and user interaction.
{
"affected": [],
"aliases": [
"CVE-2021-28613"
],
"database_specific": {
"cwe_ids": [
"CWE-379"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-27T16:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Exploitation of this issue requires local access, administrator privileges and user interaction.",
"id": "GHSA-mm62-qgr2-384q",
"modified": "2022-05-24T19:15:48Z",
"published": "2022-05-24T19:15:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28613"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-76.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MVPH-H5J7-4H2G
Vulnerability from github – Published: 2025-01-14 18:32 – Updated: 2025-05-06 15:30{
"affected": [],
"aliases": [
"CVE-2025-21173"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-379"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T18:15:30Z",
"severity": "HIGH"
},
"details": ".NET Elevation of Privilege Vulnerability",
"id": "GHSA-mvph-h5j7-4h2g",
"modified": "2025-05-06T15:30:54Z",
"published": "2025-01-14T18:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21173"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
},
{
"type": "WEB",
"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-21173"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P4PQ-252W-Q8GG
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-10-27 19:00Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer.
{
"affected": [],
"aliases": [
"CVE-2021-36002"
],
"database_specific": {
"cwe_ids": [
"CWE-379",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-01T15:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim\u0027s machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer.",
"id": "GHSA-p4pq-252w-q8gg",
"modified": "2022-10-27T19:00:40Z",
"published": "2022-05-24T19:12:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36002"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/captivate/apsb21-60.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P6GC-38CF-8626
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-10-19 12:00Adobe Photoshop Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction.
{
"affected": [],
"aliases": [
"CVE-2021-28597"
],
"database_specific": {
"cwe_ids": [
"CWE-379",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-28T15:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Photoshop Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction.",
"id": "GHSA-p6gc-38cf-8626",
"modified": "2022-10-19T12:00:23Z",
"published": "2022-05-24T19:06:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28597"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/photoshop_elements/apsb21-46.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P826-8VHQ-H439
Vulnerability from github – Published: 2021-05-06 15:27 – Updated: 2021-05-19 17:41Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds.
- https://vaadin.com/security/cve-2021-31411
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 14.5.2"
},
"package": {
"ecosystem": "Maven",
"name": "com.vaadin:vaadin-bom"
},
"ranges": [
{
"events": [
{
"introduced": "14.0.3"
},
{
"fixed": "14.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 19.0.2"
},
"package": {
"ecosystem": "Maven",
"name": "com.vaadin:vaadin-bom"
},
"ranges": [
{
"events": [
{
"introduced": "15.0.0"
},
{
"fixed": "19.0.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-31411"
],
"database_specific": {
"cwe_ids": [
"CWE-379"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-04T17:54:40Z",
"nvd_published_at": "2021-05-05T19:15:00Z",
"severity": "HIGH"
},
"details": "Insecure temporary directory usage in frontend build functionality of `com.vaadin:flow-server` versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds.\n\n- https://vaadin.com/security/cve-2021-31411",
"id": "GHSA-p826-8vhq-h439",
"modified": "2021-05-19T17:41:45Z",
"published": "2021-05-06T15:27:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vaadin/platform/security/advisories/GHSA-p826-8vhq-h439"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31411"
},
{
"type": "WEB",
"url": "https://github.com/vaadin/flow/pull/10640"
},
{
"type": "WEB",
"url": "https://vaadin.com/security/cve-2021-31411"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19"
}
Mitigation
Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.
Mitigation
Try to store sensitive tempfiles in a directory which is not world readable -- i.e., per-user directories.
Mitigation
Avoid using vulnerable temp file functions.
No CAPEC attack patterns related to this CWE.