Creation of Temporary File in Directory with Insecure Permissions

CVE-2022-3952

High

7.1/10

Summary

A vulnerability has been found in ManyDesigns Portofino through 5.3.2 and classified as problematic. Affected by this vulnerability is the function "createTempDir" of the file "WarFileLauncher.java". The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address this issue. It is recommended to upgrade the affected component.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-379 - Creation of Temporary File in Directory with Insecure Permissions

The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.

References

Advisory
Release Note
Pull request

Advisory Timeline

Published Nov 11, 2022

Creation of Temporary File in Directory with Insecure Permissions

CVE-2022-3952

Summary

CWE-379 - Creation of Temporary File in Directory with Insecure Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS