
160 Excessive privileges - Temporary Files


Description

The application creates temporary files without properly restricting their privileges or access modes, allowing an attacker to craft new attack vectors.


Impact

- Get access to the created temporary files.
- Tamper with data contained in the created temporary files.


Recommendation

Create the temporary files in a directory other than the default one provided by the operating system, and ensure each file has the 0600 permission mask.
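
The following Python sketch is an added example, not part of the original advisory. It contrasts a temporary file whose mode is left to the process umask with one created in an application-owned directory and checked to be 0600. The function names, the `app-tmp` directory name and the 022 umask used in the demo are assumptions.

```python
import os
import shutil
import stat
import tempfile


def create_weak_temp(directory, name):
    """Pattern to avoid: predictable name, mode decided by the process umask."""
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write("data")
    return path


def create_private_temp(app_tmp_dir, prefix="app-"):
    """Create a temp file in an application-owned directory; return (fd, path)."""
    os.makedirs(app_tmp_dir, mode=0o700, exist_ok=True)
    # makedirs filters its mode through the umask and leaves an existing
    # directory untouched, so set 0700 explicitly. This raises if the
    # directory belongs to another user, which is the safe outcome.
    os.chmod(app_tmp_dir, 0o700)
    # mkstemp picks a random name and opens with O_CREAT | O_EXCL, mode 0600.
    fd, path = tempfile.mkstemp(prefix=prefix, dir=app_tmp_dir)
    mode = stat.S_IMODE(os.fstat(fd).st_mode)
    if mode != 0o600:  # verify on the open descriptor, not on the path
        os.close(fd)
        os.unlink(path)
        raise PermissionError(f"unexpected mode {oct(mode)} on {path}")
    return fd, path


def file_mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Return (weak file mode, private file mode, private directory mode)."""
    base = tempfile.mkdtemp()   # scratch area for the demo only
    old_umask = os.umask(0o022)  # assumed, commonly used default umask
    try:
        weak = create_weak_temp(base, "report.tmp")
        fd, strong = create_private_temp(os.path.join(base, "app-tmp"))
        os.close(fd)
        return (file_mode(weak), file_mode(strong),
                file_mode(os.path.dirname(strong)))
    finally:
        os.umask(old_umask)
        shutil.rmtree(base)
```

With the 022 umask, the first file ends up readable by every local user, while the second is readable and writable only by its owner.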


Threat

Authenticated attacker with local access to the server.


Expected Remediation Time

60 minutes.


Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

  • Attack vector: L
  • Attack complexity: H
  • Attack Requirements: N
  • Privileges required: H
  • User interaction: A
  • Confidentiality (VC): L
  • Integrity (VI): L
  • Availability (VA): N
  • Confidentiality (SC): N
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: P

Requirements


Fixes


Last updated

2024/02/14