[jira] [Created] (FLINK-37666) Address CWE-378: Creation of Temporary File With Insecure Permissions in Temporary File Creation

Atul Sharma (Jira) Sun, 13 Apr 2025 03:22:08 -0700

Atul Sharma created FLINK-37666:
-----------------------------------

             Summary: Address CWE-378: Creation of Temporary File With Insecure 
Permissions in Temporary File Creation
                 Key: FLINK-37666
                 URL: https://issues.apache.org/jira/browse/FLINK-37666
             Project: Flink
          Issue Type: Improvement
            Reporter: Atul Sharma



Currently, the Flink codebase uses File.createTempFile at many places for 
creating temporary files. 
This approach may result in temporary files being created with default system 
permissions, which could potentially expose them to unauthorized access. 
This is a security concern identified as CWE-378: Creation of Temporary File 
With Insecure Permissions.

Classes Affected: PackagedProgram.java, YarnClusterDescriptor.java, 
ChangelogStreamHandleReaderWithCache, StreamWindowSQLExample 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (FLINK-37666) Address CWE-378: Creation of Temporary File With Insecure Permissions in Temporary File Creation

Reply via email to