CWE-378 Base Borrador High likelihood

Creation of Temporary File With Insecure Permissions

This vulnerability occurs when a program creates a temporary file but sets its file permissions too loosely, allowing other users or processes on the system to read, modify, or delete the file.

Definición

What is CWE-378?

This vulnerability occurs when a program creates a temporary file but sets its file permissions too loosely, allowing other users or processes on the system to read, modify, or delete the file.
When a temporary file is created with insecure permissions (like world-readable or world-writable), it becomes an easy target for attackers on the same system. They can directly read sensitive data from the file, inject malicious content into it, or even delete it to cause a denial of service. This is especially dangerous because developers often assume temporary files are private and secure, leading them to store sensitive information like session tokens, passwords, or configuration data in them. To prevent this, always use secure APIs designed for temporary file creation that enforce strict permissions by default, such as `mkstemp` on Unix-like systems. If you must use a lower-level function, explicitly set restrictive file permissions immediately after creation. Additionally, consider using alternative, more secure storage methods like memory-based structures for highly sensitive data, and ensure proper file cleanup to reduce the attack window.
Impacto en el mundo real

Real-world CVEs caused by CWE-378

  • CVE-2022-24823

    A network application framework uses the Java function createTempFile(), which will create a file that is readable by other local users of the system

Cómo lo explotan los atacantes

Ruta del atacante paso a paso

  1. 1

    In the following code examples a temporary file is created and written to. After using the temporary file, the file is closed and deleted from the file system.

  2. 2

    However, within this C/C++ code the method tmpfile() is used to create and open the temp file. The tmpfile() method works the same way as the fopen() method would with read/write permission, allowing attackers to read potentially sensitive information contained in the temp file or modify the contents of the file.

  3. 3

    Similarly, the createTempFile() method used in the Java code creates a temp file that may be readable and writable to all users.

  4. 4

    Additionally both methods used above place the file into a default directory. On UNIX systems the default directory is usually "/tmp" or "/var/tmp" and on Windows systems the default directory is usually "C:\\Windows\\Temp", which may be easily accessible to attackers, possibly enabling them to read and modify the contents of the temp file.

Ejemplo de código vulnerable

Vulnerable C

In the following code examples a temporary file is created and written to. After using the temporary file, the file is closed and deleted from the file system.

Vulnerable C 
FILE *stream;
  if( (stream = tmpfile()) == NULL ) {
  		perror("Could not open new temporary file\n");
  		return (-1);
  }
```
// write data to tmp file* 
  ...
  // remove tmp file
  rmtmp();
Ejemplo de código seguro

Secure pseudo

Seguro pseudo 
// Validate, sanitize, or use a safe API before reaching the sink.
function handleRequest(input) {
  const safe = validateAndEscape(input);
  return executeWithGuards(safe);
}
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de prevención

How to prevent CWE-378

  • Requirements Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.
  • Implementation Ensure that you use proper file permissions. This can be achieved by using a safe temp file function. Temporary files should be writable and readable only by the process that owns the file.
  • Implementation Randomize temporary file names. This can also be achieved by using a safe temp-file function. This will ensure that temporary files will not be created in predictable places.
Señales de detección

How to detect CWE-378

SAST High

Ejecuta análisis estático (SAST) sobre el código buscando el patrón inseguro en el flujo de datos.

DAST Moderate

Ejecuta pruebas dinámicas de seguridad de aplicaciones (DAST) contra el endpoint en vivo.

Runtime Moderate

Vigila los logs en tiempo de ejecución para detectar trazas de excepción inusuales, entradas malformadas o intentos de bypass de autorización.

Code review Moderate

Revisión de código: marca cualquier código nuevo que maneje entrada desde esta superficie sin usar los helpers validados del framework.

Auto-corrección de Plexicus

Plexicus detecta automáticamente CWE-378 y abre un PR de corrección en menos de 60 segundos.

Codex Remedium escanea cada commit, identifica esta debilidad concreta y entrega un pull request listo para revisión con el parche. Sin tickets. Sin traspasos.

Solicitar demo Probar Plexicus gratis
Preguntas frecuentes

Frequently asked questions

¿Qué es CWE-378?

This vulnerability occurs when a program creates a temporary file but sets its file permissions too loosely, allowing other users or processes on the system to read, modify, or delete the file.

¿Qué gravedad tiene CWE-378?

MITRE califica la probabilidad de explotación como Alta — esta debilidad se explota activamente en la práctica y debe priorizarse para su remediación.

¿Qué lenguajes o plataformas se ven afectados por CWE-378?

MITRE no ha especificado plataformas afectadas para esta CWE — puede aplicar a la mayoría de los stacks de aplicaciones.

¿Cómo puedo prevenir CWE-378?

Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible. Ensure that you use proper file permissions. This can be achieved by using a safe temp file function. Temporary files should be writable and readable only by the process that owns the file.

¿Cómo detecta y corrige Plexicus CWE-378?

El motor SAST de Plexicus detecta la firma de flujo de datos para CWE-378 en cada commit. Cuando hay coincidencia, nuestro agente Codex Remedium abre un PR de corrección con el código corregido, las pruebas y un resumen de una línea para el revisor.

¿Dónde puedo aprender más sobre CWE-378?

MITRE publica la definición canónica en https://cwe.mitre.org/data/definitions/378.html. También puedes consultar la documentación de OWASP y NIST para guías relacionadas.

Debilidades relacionadas

Weaknesses related to CWE-378

CWE-377 Padre

Insecure Temporary File

This vulnerability occurs when an application creates temporary files with insecure permissions or in predictable locations, allowing…

CWE-379 Hermano

Creation of Temporary File in Directory with Insecure Permissions

This vulnerability occurs when an application creates a temporary file in a directory that is too permissive, allowing unauthorized users…

Recursos

Further reading

Listo cuando tú lo estés

Deja de pagar por desarrollador.
Empieza a cerrar el bucle.

Plexicus es el ASPM nativo de IA que escanea, filtra, corrige, pentestea y explica — de forma autónoma. Desarrolladores ilimitados, repos ilimitados, acciones de IA de uso justo. Nivel gratuito real, €269/mo anual cuando estés listo.

Comenzar gratis Reservar una demo