028 – Insecure temporary files

Description

The system uses temporary files to store sensitive information. Alternatively, the system deploys sensitive temporary files to the production environment.

Impact

Steal server secrets.

Recommendation

Avoid saving sensitive information in server files.

Threat

Authenticated attacker with local access to the server.

Expected Remediation Time

30 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: L
• Attack complexity: L
• Attack Requirements: N
• Privileges required: H
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): L
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 036 - Do not deploy temporary files
• 177 - Avoid caching and temporary files

Fixes

• Csharp
• Dart
• Elixir
• Go
• Java
• Python
• Ruby
• Scala
• Swift
• Typescript

Last updated

2024/02/07