Insecure Temporary File
CVE-2021-28100
Summary
Priam uses "File.createTempFile", which gives the permissions on that file "-rw-r--r--". An attacker with read access to the local filesystem can read anything written there by the Priam process.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-377 - Insecure Temporary File
Creating and using insecure temporary files can leave application and system data vulnerable to attack.
References
Advisory Timeline
- Published