SYM_GO_0005 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Insecure Temporary File
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-377: Insecure Temporary File |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code creates files directly in the shared /tmp directory instead of using Go's ioutil.TempFile. This leads to predictable filenames and race conditions, which make it possible for other users or processes to interfere with or access those files.
Impact
An attacker could create or manipulate temporary files in /tmp before your code runs, potentially leading to data leaks, unauthorized file modification, or even code execution. This can compromise sensitive data or the stability of your application.
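The flagged pattern next to a hardened form, as an added example that is not part of the rule database. The file name `app-cache.dat`, the function names and the private directory standing in for /tmp are assumptions. The hardened writer uses `os.CreateTemp`, the Go 1.16+ replacement for `ioutil.TempFile`.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// writeInsecure is the flagged pattern: fixed name, O_CREATE|O_TRUNC, no O_EXCL.
func writeInsecure(dir string, data []byte) (string, error) {
	p := filepath.Join(dir, "app-cache.dat") // constructed, guessable name
	return p, os.WriteFile(p, data, 0o600)   // mode is ignored if the file exists
}

// writeSecure lets os.CreateTemp pick a random name, created with O_EXCL and
// mode 0600, so it never adopts a file that someone else created first.
func writeSecure(dir string, data []byte) (string, error) {
	f, err := os.CreateTemp(dir, "app-cache-*.dat")
	if err != nil {
		return "", err
	}
	defer f.Close()
	_, err = f.Write(data)
	return f.Name(), err
}

// landsInPlanted pre-creates the fixed path (standing in for another local
// user), runs write, and reports whether the data ended up in that file.
func landsInPlanted(dir string, write func(string, []byte) (string, error)) (bool, error) {
	planted := filepath.Join(dir, "app-cache.dat")
	if err := os.WriteFile(planted, nil, 0o666); err != nil {
		return false, err
	}
	if _, err := write(dir, []byte("secret")); err != nil {
		return false, err
	}
	got, err := os.ReadFile(planted)
	return string(got) == "secret", err
}

func main() {
	dir, err := os.MkdirTemp("", "cwe377-demo-") // private stand-in for /tmp
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	fmt.Println(landsInPlanted(dir, writeInsecure)) // true <nil>
	fmt.Println(landsInPlanted(dir, writeSecure))   // false <nil>
}
```

In a real shared /tmp the pre-created file would belong to the other user, who keeps whatever access they gave themselves to it; the 0600 mode passed by the insecure writer only applies when the file does not yet exist.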