Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin

Description

Impact

Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. This vulnerability only impacts unix-like systems where the local system temporary directory is shared between all users. This vulnerability does not impact Windows or modern versions of MacOS.

OpenAPI Generator Maven plug-in creates insecure temporary files during the code generation process. It creates insecure temporary files to store the OpenAPI specification files provided by the users and these temporary files can be read by any users in the system.

The impact of this vulnerability is information disclosure of the contents of the specification file to other local users.

Patches

The issue has been patched with Files.createTempFile and released in the v5.1.0 stable version.

For more information

If you have any questions or comments about this advisory:
* Open an issue in OpenAPI Generator Github repo
* Email us at [email protected]

Basic information

Type
reviewed
Severity
medium
Advisory on GitHub
Open advisory ↗
Repository advisory
Open repository advisory ↗
Source code
Not specified
Published (advisory)
2021-04-29 21:51:37 UTC
Updated
2023-02-01 05:05:33 UTC
GitHub reviewed
2021-04-27 19:58:51 UTC
NVD published
2021-04-27

EPSS Score

Score Percentile
0.05% 16.50%

CVSS Scores

Base score Version Severity Vector
4.0 3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:L)
Some sensitive info could get out, but not a total data dump.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.

Identifiers

CWEs

CWE id Name
CWE-377 Insecure Temporary File
CWE-378 Creation of Temporary File With Insecure Permissions
CWE-379 Creation of Temporary File in Directory with Insecure Permissions
CWE-552 Files or Directories Accessible to External Parties

Credits

  • JLLeitschuh (analyst)

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
maven org.openapitools:openapi-generator-maven-plugin < 5.1.0 5.1.0

References

cvelogic Threat Intelligence