Creation of Temporary File With Insecure Permissions

CVE-2022-24411

High

7.8/10

Summary

Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-378 - Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

References

Advisory Timeline

Published Apr 12, 2022

Creation of Temporary File With Insecure Permissions

CVE-2022-24411

Summary

CWE-378 - Creation of Temporary File With Insecure Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS