CVE-2020-8908
Description
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtimes java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
Risk Information
Base Score
3.3
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.072
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows |
| Vulnerabilities CVE-2023-2976,CVE-2020-8908 are fixed in Google-guava 32.0.0 | Windows |
| Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.57 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.59 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.2.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.5.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.12.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 11.0.0.21 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 12.0.8.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.2.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0 | Windows |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-devel-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-devel-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-obs-build-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-obs-build-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-syms-5.14.21-150400.24.49.4.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Legacy Module 15-SP4 ) reiserfs-kmp-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Legacy Module 15-SP4 ) reiserfs-kmp-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-devel-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-docs-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-macros-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-source-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:3090-1(Development Tools Module 15-SP4 ) guava-32.0.1-150200.3.7.1.noarch.rpm | Linux |
| SUSE-SU-2023:3090-1(Development Tools Module 15-SP5 ) guava-32.0.1-150200.3.7.1.noarch_15_SP5.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-debugsource-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1831-1(Development Tools Module 15-SP4) jsr-305-3.0.2-150200.3.7.5.noarch.rpm | Linux |
| Vulnerabilities CVE-2023-2976,CVE-2020-8908 are fixed in Google-guava for Linux 32.0.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234