Creation of Temporary File in Directory with Insecure Permissions

CVE-2021-40776

Medium

6.1/10

Summary

Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability.

Attack Complexity: LOW
Attack Vector: PHYSICAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-379 - Creation of Temporary File in Directory with Insecure Permissions

The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.

References

Advisory Timeline

Published Jun 15, 2022

Creation of Temporary File in Directory with Insecure Permissions

CVE-2021-40776

Summary

CWE-379 - Creation of Temporary File in Directory with Insecure Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS