Atul Sharma created FLINK-37666:
-----------------------------------
Summary: Address CWE-378: Creation of Temporary File With Insecure
Permissions in Temporary File Creation
Key: FLINK-37666
URL: https://issues.apache.org/jira/browse/FLINK-37666
Project: Flink
Issue Type: Improvement
Reporter: Atul Sharma
Currently, the Flink codebase uses File.createTempFile at many places for
creating temporary files.
This approach may result in temporary files being created with default system
permissions, which could potentially expose them to unauthorized access.
This is a security concern identified as CWE-378: Creation of Temporary File
With Insecure Permissions.
Classes Affected: PackagedProgram.java, YarnClusterDescriptor.java,
ChangelogStreamHandleReaderWithCache, StreamWindowSQLExample
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
