[
https://issues.apache.org/jira/browse/FLINK-37666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18083811#comment-18083811
]
Samrat Deb commented on FLINK-37666:
------------------------------------
[~atusharm] by any chance are you working on this fix. We are facing this issue
as well.
> Address CWE-378: Creation of Temporary File With Insecure Permissions in
> Temporary File Creation
> ------------------------------------------------------------------------------------------------
>
> Key: FLINK-37666
> URL: https://issues.apache.org/jira/browse/FLINK-37666
> Project: Flink
> Issue Type: Improvement
> Reporter: Atul Sharma
> Priority: Major
> Labels: pull-request-available
>
> Currently, the Flink codebase uses File.createTempFile at many places for
> creating temporary files.
> This approach may result in temporary files being created with default system
> permissions, which could potentially expose them to unauthorized access.
> This is a security concern identified as CWE-378: Creation of Temporary File
> With Insecure Permissions.
> Classes Affected: PackagedProgram.java, YarnClusterDescriptor.java,
> ChangelogStreamHandleReaderWithCache, StreamWindowSQLExample
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
