Advisories for Nuget/Net.sf.mpxj-for-Csharp package

2022

Insecure Temporary File

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macOS), MPXJ's use of File.createTempFile(..) results in temporary files being created with the permissions -rw-r--r--. This means that any other user on the system can read the contents of this file. When MPXJ is reading a schedule file which requires the creation of …