Skip to main content

Creation of Temporary File With Insecure Permissions

CVE-2014-1839

Severity Medium
Score 4.4/10

Summary

The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.

  • MEDIUM
  • LOCAL
  • NONE
  • PARTIAL
  • PARTIAL
  • PARTIAL

CWE-378 - Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

Advisory Timeline

  • Published