CWE-377 95 個 CVE MITRE 定義 ↗

CWE-377:Insecure Temporary File

概覽

CWE-377(Insecure Temporary File)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-46406 2026-06-29 Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without UID isolation, rando…
CVE-2026-41991 2026-06-29 GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temp…
CVE-2026-41001 2026-06-11 Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same h…
CVE-2026-45384 2026-06-10 bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on …
CVE-2026-49135 2026-06-01 CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable…
CVE-2026-49134 2026-06-01 CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporar…
CVE-2025-67223 2026-04-28 The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthent…
CVE-2026-40979 2026-04-28 In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
CVE-2026-40973 2026-04-27 A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is set to `true` and the attack pe…
CVE-2026-35342 2026-04-22 The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementat…
CVE-2026-20204 2026-04-15 In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a …
CVE-2026-4822 2026-03-25 A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a …
CVE-2026-25645 2026-03-25 Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system te…
CVE-2026-20651 2026-03-24 A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user…
CVE-2026-25701 2026-02-25 An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: * gain access to possible private information found in …
CVE-2026-20649 2026-02-11 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3. A user may be able to view sensitive user inform…
CVE-2026-20618 2026-02-11 An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.
CVE-2025-14614 2026-01-07 Insecure Temporary File vulnerability in Altera Quartus Prime Standard  Installer (SFX) on Windows, Altera Quartus Prime Lite  Installer (SFX) on Windows allows Explore for Predictable Temporary…
CVE-2025-14612 2026-01-06 Insecure Temporary File vulnerability in Altera Quartus Prime Pro  Installer (SFX) on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1.
CVE-2025-66625 2025-12-09 Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can…

內容提交

名稱
7 Pernicious Kingdoms
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Other_Notes, Taxonomy_Mappings
2009-03-10 CWE Content Team 1.3 updated Demonstrative_Examples
2009-05-27 CWE Content Team 1.4 updated Demonstrative_Examples
2010-02-16 CWE Content Team 1.8 updated References
2011-06-01 CWE Content Team 1.13 updated Common_Consequences, Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated References, Relationships, Taxonomy_Mappings
2014-07-30 CWE Content Team 2.8 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, References, Taxonomy_Mappings
2018-03-27 CWE Content Team 3.1 updated References
2019-01-03 CWE Content Team 3.2 updated Relationships, Taxonomy_Mappings
2019-06-20 CWE Content Team 3.3 updated Related_Attack_Patterns
2020-02-24 CWE Content Team 4.0 updated References, Relationships, Type
2021-10-28 CWE Content Team 4.6 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Related_Attack_Patterns
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes, Relationships
2023-10-26 CWE Content Team 4.13 updated Observed_Examples
2025-12-11 CWE Content Team 4.19 updated Other_Notes, Relationships, Weakness_Ordinalities
cvelogic Threat Intelligence