Lucene search
Veracode Vulnerability DatabaseVERACODE:38903HistoryJan 18, 2023 - 2:38 a.m.
Insecure Temporary File
2023-01-1802:38:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
globalpomutils-fileresources
vulnerability
insecure temporary files
file.createtempfile
createtmpdir method
fileresourcemanagerprovider.java
temporary directory
default permissions
potentially sensitive files
sensitive information disclosure
software
0.002 Low
EPSS
Percentile
53.4%
globalpomutils-fileresources is vulnerable to Insecure Temporary Files. The vulnerability exists due to the File.createTempFile function in the createTmpDir method of FileResourceManagerProvider.java, which creates a temporary directory with default permissions. This directory has READ all permissions, allowing an attacker access to potentially sensitive files, which results in Sensitive Information Disclosure.
| CPE | Name | Operator | Version |
|---|---|---|---|
| global pom utilities :: file resources manager | le | 4.5.0 | |
| global pom utilities :: file resources manager | le | 4.5.0 |
Related
cve
cve
CVE-2018-25068
2023-01-06 21:15:09
prion
prion
Design/Logic Flaw
2023-01-06 21:15:00
osv
osv
globalpom-utils has Insecure Temporary File
2023-01-06 21:30:40
CVE-2018-25068
2023-01-06 21:15:09
cvelist
cvelist
nvd
nvd
CVE-2018-25068
2023-01-06 21:15:09
github
github
globalpom-utils has Insecure Temporary File
2023-01-06 21:30:40