[jira] [Updated] (FLINK-37666) Address CWE-378: Creation of Temporary File With Insecure Permissions in Temporary File Creation

ASF GitHub Bot (Jira) Sun, 13 Apr 2025 03:56:04 -0700


     [ 
https://issues.apache.org/jira/browse/FLINK-37666?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


ASF GitHub Bot updated FLINK-37666:
-----------------------------------
    Labels: pull-request-available  (was: )

> Address CWE-378: Creation of Temporary File With Insecure Permissions in 
> Temporary File Creation
> ------------------------------------------------------------------------------------------------
>
>                 Key: FLINK-37666
>                 URL: https://issues.apache.org/jira/browse/FLINK-37666
>             Project: Flink
>          Issue Type: Improvement
>            Reporter: Atul Sharma
>            Priority: Major
>              Labels: pull-request-available
>
> Currently, the Flink codebase uses File.createTempFile at many places for 
> creating temporary files. 
> This approach may result in temporary files being created with default system 
> permissions, which could potentially expose them to unauthorized access. 
> This is a security concern identified as CWE-378: Creation of Temporary File 
> With Insecure Permissions.
> Classes Affected: PackagedProgram.java, YarnClusterDescriptor.java, 
> ChangelogStreamHandleReaderWithCache, StreamWindowSQLExample 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (FLINK-37666) Address CWE-378: Creation of Temporary File With Insecure Permissions in Temporary File Creation

Reply via email to