CWE-378
Creation of Temporary File With Insecure Permissions
Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.
CVE-2023-6917 (GCVE-0-2023-6917)
Vulnerability from cvelistv5
Published
2024-02-28 14:38
Modified
2025-08-30 08:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-378 - Creation of Temporary File With Insecure Permissions
Summary
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2213 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6917 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2254983 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 9 |
Unaffected: 0:6.2.0-1.el9 < * cpe:/a:redhat:enterprise_linux:9::appstream |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:08.409Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2213", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2213" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6917" }, { "name": "RHBZ#2254983", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-6917", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-02-28T20:00:24.999365Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-12T20:41:24.811Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "pcp", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:6.2.0-1.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "pcp", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "pcp", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "pcp", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" } ], "datePublic": "2024-02-15T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-378", "description": "Creation of Temporary File With Insecure Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-30T08:14:17.562Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2213", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2213" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6917" }, { "name": "RHBZ#2254983", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983" } ], "timeline": [ { "lang": "en", "time": "2023-12-14T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-02-15T00:00:00+00:00", "value": "Made public." } ], "title": "Pcp: unsafe use of directories allows pcp to root privilege escalation", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "(CWE-61|CWE-378): UNIX Symbolic Link (Symlink) Following or Creation of Temporary File With Insecure Permissions" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6917", "datePublished": "2024-02-28T14:38:19.258Z", "dateReserved": "2023-12-18T11:14:14.230Z", "dateUpdated": "2025-08-30T08:14:17.562Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23454 (GCVE-0-2024-23454)
Vulnerability from cvelistv5
Published
2024-09-25 07:45
Modified
2025-09-05 09:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-378 - Creation of Temporary File With Insecure Permissions
Summary
Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content.
This is because, on unix-like systems, the system temporary directory is
shared between all local users. As such, files written in this directory,
without setting the correct posix permissions explicitly, may be viewable
by all other local users.
References
▼ | URL | Tags |
---|---|---|
https://issues.apache.org/jira/browse/HADOOP-19031 | issue-tracking | |
https://lists.apache.org/thread/xlo7q8kn4tsjvx059r789oz19hzgfkfs | vendor-advisory |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache Hadoop |
Version: 0 ≤ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-11-01T17:03:09.837Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/09/25/1" }, { "url": "https://security.netapp.com/advisory/ntap-20241101-0002/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-23454", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T15:19:22.767501Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-05T20:09:52.739Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache Hadoop", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "3.4.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Andrea Cosentino" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eApache Hadoop\u2019s RunJar.run()\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edoes not set permissions for temporary directory\u0026nbsp;by default. I\u003c/span\u003e\u003c/span\u003ef sensitive data will be present in this file, all the other local users may be able to view the content.\nThis is because, on unix-like systems, the system temporary directory is\nshared between all local users. As such, files written in this directory,\nwithout setting the correct posix permissions explicitly, may be viewable\nby all other local users.\n\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "Apache Hadoop\u2019s RunJar.run()\u00a0does not set permissions for temporary directory\u00a0by default. If sensitive data will be present in this file, all the other local users may be able to view the content.\nThis is because, on unix-like systems, the system temporary directory is\nshared between all local users. As such, files written in this directory,\nwithout setting the correct posix permissions explicitly, may be viewable\nby all other local users." } ], "metrics": [ { "other": { "content": { "text": "low" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-378", "description": "CWE-378 Creation of Temporary File With Insecure Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-05T09:09:36.997Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "issue-tracking" ], "url": "https://issues.apache.org/jira/browse/HADOOP-19031" }, { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/xlo7q8kn4tsjvx059r789oz19hzgfkfs" } ], "source": { "defect": [ "HADOOP-19031" ], "discovery": "UNKNOWN" }, "title": "Apache Hadoop: Temporary File Local Information Disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2024-23454", "datePublished": "2024-09-25T07:45:43.496Z", "dateReserved": "2024-01-17T09:57:28.086Z", "dateUpdated": "2025-09-05T09:09:36.997Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-39872 (GCVE-0-2024-39872)
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2025-08-27 20:42
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-378 - Creation of Temporary File With Insecure Permissions
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Siemens | SINEMA Remote Connect Server |
Version: 0 < V3.2 SP1 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "sinema_remote_connect_server", "vendor": "siemens", "versions": [ { "lessThan": "3.2_sp1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39872", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-13T23:03:46.251890Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-27T20:42:57.191Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:11.019Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the \u0027Manage firmware updates\u0027 role to escalate their privileges on the underlying OS level." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.6, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:H", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-378", "description": "CWE-378: Creation of Temporary File With Insecure Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:28.983Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39872", "datePublished": "2024-07-09T12:05:28.983Z", "dateReserved": "2024-07-01T13:05:40.288Z", "dateUpdated": "2025-08-27T20:42:57.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-47884 (GCVE-0-2024-47884)
Vulnerability from cvelistv5
Published
2024-10-11 19:15
Modified
2025-09-02 14:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-378 - Creation of Temporary File With Insecure Permissions
Summary
foxmarks is a CLI read-only interface for Firefox's bookmarks and history. A temporary file was created under the /tmp directory with read permissions for all users containing a copy of Firefox's database of bookmarks, history, input history, visits counter, use counter, view counter and more confidential information about the history of using Firefox. Permissions default to 0o600 for NamedTempFile. However, after copying the database, its permissions were copied with it resulting in an insecure file with 0x644 permissions. A malicious user is able to read the database when the targeted user executes foxmarks bookmarks or foxmarks history. This vulnerability is patched in v2.1.0.
References
▼ | URL | Tags |
---|---|---|
https://github.com/zefr0x/foxmarks/security/advisories/GHSA-8rh2-6pwm-5vvq | x_refsource_CONFIRM | |
https://github.com/zefr0x/foxmarks/commit/c3706bd882b3d61b353e4193f7d2dcfabd0c9a8e | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-47884", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T19:32:26.175522Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T19:35:19.068Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "foxmarks", "vendor": "zefr0x", "versions": [ { "status": "affected", "version": "\u003c 2.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "foxmarks is a CLI read-only interface for Firefox\u0027s bookmarks and history. A temporary file was created under the /tmp directory with read permissions for all users containing a copy of Firefox\u0027s database of bookmarks, history, input history, visits counter, use counter, view counter and more confidential information about the history of using Firefox. Permissions default to 0o600 for NamedTempFile. However, after copying the database, its permissions were copied with it resulting in an insecure file with 0x644 permissions. A malicious user is able to read the database when the targeted user executes foxmarks bookmarks or foxmarks history. This vulnerability is patched in v2.1.0." } ], "metrics": [ { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 2.4, "baseSeverity": "LOW", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-378", "description": "CWE-378: Creation of Temporary File With Insecure Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-02T14:34:15.177Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/zefr0x/foxmarks/security/advisories/GHSA-8rh2-6pwm-5vvq", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/zefr0x/foxmarks/security/advisories/GHSA-8rh2-6pwm-5vvq" }, { "name": "https://github.com/zefr0x/foxmarks/commit/c3706bd882b3d61b353e4193f7d2dcfabd0c9a8e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/zefr0x/foxmarks/commit/c3706bd882b3d61b353e4193f7d2dcfabd0c9a8e" } ], "source": { "advisory": "GHSA-8rh2-6pwm-5vvq", "discovery": "UNKNOWN" }, "title": "Insecure Temporary File in `foxmarks`" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-47884", "datePublished": "2024-10-11T19:15:12.257Z", "dateReserved": "2024-10-04T16:00:09.631Z", "dateUpdated": "2025-09-02T14:34:15.177Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-38747 (GCVE-0-2025-38747)
Vulnerability from cvelistv5
Published
2025-08-06 19:48
Modified
2025-08-07 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-378 - Creation of Temporary File With Insecure Permissions
Summary
Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges.
References
▼ | URL | Tags |
---|---|---|
https://www.dell.com/support/kbdoc/en-us/000353093/dsa-2025-315 | vendor-advisory |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Dell | SupportAssist OS Recovery |
Version: N/A ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-38747", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-08-06T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-07T03:55:28.134Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "SupportAssist OS Recovery", "vendor": "Dell", "versions": [ { "lessThan": "5.5.14.0", "status": "affected", "version": "N/A", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Dell Technologies would like to thank falconCorrup for reporting this issue." } ], "datePublic": "2025-08-06T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges." } ], "value": "Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-378", "description": "CWE-378: Creation of Temporary File With Insecure Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-06T19:48:46.676Z", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000353093/dsa-2025-315" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2025-38747", "datePublished": "2025-08-06T19:48:46.676Z", "dateReserved": "2025-04-16T05:03:52.415Z", "dateUpdated": "2025-08-07T03:55:28.134Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-4953 (GCVE-0-2025-4953)
Vulnerability from cvelistv5
Published
2025-09-16 14:54
Modified
2025-09-16 16:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-378 - Creation of Temporary File With Insecure Permissions
Summary
A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2025-4953 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2367235 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-4953", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-09-16T16:15:17.109594Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-16T16:15:21.591Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "container-tools:rhel8/podman", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "podman", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift:4" ], "defaultStatus": "affected", "packageName": "rhcos", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat" } ], "datePublic": "2025-09-16T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-378", "description": "Creation of Temporary File With Insecure Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-16T15:34:56.458Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2025-4953" }, { "name": "RHBZ#2367235", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367235" } ], "timeline": [ { "lang": "en", "time": "2025-05-19T11:46:53.335000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2025-09-16T00:00:00+00:00", "value": "Made public." } ], "title": "Podman: build context bind mount", "workarounds": [ { "lang": "en", "value": "Avoid long-running build steps and overly permissive file permissions. Use RUN --mount=type=secret for sensitive data instead of bind mounts." } ], "x_redhatCweChain": "CWE-378: Creation of Temporary File With Insecure Permissions" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2025-4953", "datePublished": "2025-09-16T14:54:50.045Z", "dateReserved": "2025-05-19T11:55:32.522Z", "dateUpdated": "2025-09-16T16:15:21.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-9474 (GCVE-0-2025-9474)
Vulnerability from cvelistv5
Published
2025-08-26 05:02
Modified
2025-09-05 17:10
Severity ?
1.1 (Low) - CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4.5 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
4.5 (Medium) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
4.5 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
4.5 (Medium) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.321343 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.321343 | signature, permissions-required | |
https://vuldb.com/?submit.634656 | third-party-advisory | |
https://github.com/SwayZGl1tZyyy/n-days/blob/main/mihomo-party/README.md | related | |
https://github.com/SwayZGl1tZyyy/n-days/blob/main/mihomo-party/README.md#proof-of-concept-1 | exploit |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-9474", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-08-26T15:45:28.714687Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-05T17:10:11.510Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "modules": [ "Socket Handler" ], "product": "Party", "vendor": "Mihomo", "versions": [ { "status": "affected", "version": "1.8.0" }, { "status": "affected", "version": "1.8.1" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "SwayZGl1tZyyy (VulDB User)" }, { "lang": "en", "type": "analyst", "value": "SwayZGl1tZyyy (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used." }, { "lang": "de", "value": "In Mihomo Party bis 1.8.1 auf macOS ist eine Schwachstelle entdeckt worden. Betroffen ist die Funktion enableSysProxy der Datei src/main/sys/sysproxy.ts der Komponente Socket Handler. Dank Manipulation mit unbekannten Daten kann eine creation of temporary file with insecure permissions-Schwachstelle ausgenutzt werden. Der Angriff muss auf lokaler Ebene erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden." } ], "metrics": [ { "cvssV4_0": { "baseScore": 2, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 3.5, "vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-378", "description": "Creation of Temporary File With Insecure Permissions", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-377", "description": "Insecure Temporary File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-26T05:02:09.404Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-321343 | Mihomo Party Socket sysproxy.ts enableSysProxy temp file", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.321343" }, { "name": "VDB-321343 | CTI Indicators (IOB, IOC, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.321343" }, { "name": "Submit #634656 | mihomo-party-org mihomo-party 1.8.1 Local privilege abuse via unprotected UNIX socket in Mihomo Part", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.634656" }, { "tags": [ "related" ], "url": "https://github.com/SwayZGl1tZyyy/n-days/blob/main/mihomo-party/README.md" }, { "tags": [ "exploit" ], "url": "https://github.com/SwayZGl1tZyyy/n-days/blob/main/mihomo-party/README.md#proof-of-concept-1" } ], "timeline": [ { "lang": "en", "time": "2025-08-25T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2025-08-25T02:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2025-08-25T19:44:50.000Z", "value": "VulDB entry last update" } ], "title": "Mihomo Party Socket sysproxy.ts enableSysProxy temp file" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2025-9474", "datePublished": "2025-08-26T05:02:09.404Z", "dateReserved": "2025-08-25T15:08:19.362Z", "dateUpdated": "2025-09-05T17:10:11.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phase: Requirements
Description:
- Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.
Mitigation
Phase: Implementation
Description:
- Ensure that you use proper file permissions. This can be achieved by using a safe temp file function. Temporary files should be writable and readable only by the process that owns the file.
Mitigation
Phase: Implementation
Description:
- Randomize temporary file names. This can also be achieved by using a safe temp-file function. This will ensure that temporary files will not be created in predictable places.
No CAPEC attack patterns related to this CWE.