CVE-2022-4968: Insecure Temporary World Readable Umask

Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | C | β
greprules fetch cve-2022-4968-insecure-temporary-world-readable-umask --engine opengrep

Description

Temporarily assigning a permissive umask (e.g., 022) to force newly created files to be world-readable can leak sensitive information. For example, VPN private keys in network configuration files may become accessible to unprivileged local users (CVE-2022-4968). Additionally, umask() is process-wide and not thread-safe. Instead of toggling umask, explicitly
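
The flagged pattern beside one alternative that sets the mode explicitly, as an added example (not code from the rule or from the affected project). The function names, the file name and the sample secret are constructed, and the open()/fchmod() approach is one common alternative assumed here rather than taken from the rule text.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flagged pattern: swap the process-wide umask so fopen()'s 0666 request
 * yields 0644. Files created by other threads in this window are hit too. */
static int write_with_umask_toggle(const char *path, const char *secret) {
    mode_t old = umask(022);
    FILE *f = fopen(path, "w");
    umask(old);
    if (!f) return -1;
    fputs(secret, f);
    return fclose(f);
}

/* Alternative (assumed): leave umask alone, create the file 0600, then pin
 * the intended mode on the descriptor before any secret bytes are written. */
static int write_with_explicit_mode(const char *path, const char *secret, mode_t mode) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    int ok = fchmod(fd, mode) == 0 && dprintf(fd, "%s", secret) >= 0;
    if (close(fd) != 0) ok = 0;
    if (!ok) unlink(path);
    return ok ? 0 : -1;
}

/* Write a constructed sample secret in a fresh temp dir; return its mode bits or -1. */
int resulting_mode(int hardened) {
    char dir[] = "/tmp/umask-demo-XXXXXX", path[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/vpn.conf", dir);
    const char *secret = "PrivateKey = CONSTRUCTED-SAMPLE-NOT-A-KEY\n";
    int rc = hardened ? write_with_explicit_mode(path, secret, 0600)
                      : write_with_umask_toggle(path, secret);
    int mode = (rc == 0 && stat(path, &st) == 0) ? (int)(st.st_mode & 0777) : -1;
    unlink(path);
    rmdir(dir);
    return mode;
}

int main(void) {
    printf("%04o %04o\n", (unsigned)resulting_mode(0), (unsigned)resulting_mode(1));
    return 0;
}
```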