CVE-2020-8908

CWE-378CWE-732Incorrect Permission AssignmentCWE-173CWE-200Information ExposureCWE-37915 documents8 sources
Severity
3.3LOW
EPSS
0.1%
top 78.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Google LLC GuavaGoogle GuavaOracle Nosql Database+10 more
Timeline
PublishedDec 10
Latest updateJul 15

Description

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we re

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages15 packages

NVDgoogle/guava< 32.0.0
CVEListV5google_llc/guava1.032.0
Mavencom.google.guava:guava< 32.0.0-android
Debianguava-libraries< 32.0.1-1+1

Patches

Patch: github.comPatch: github.comPatch: snyk.io

🔴Vulnerability Details

4
GHSA
Information Disclosure in Guava2021-03-25
OSV
Information Disclosure in Guava2021-03-25
CVEList
Temp directory permission issue in Guava2020-12-10
OSV
CVE-2020-8908: A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in2020-12-10

📋Vendor Advisories

10
Oracle
Oracle Oracle Communications Applications Risk Matrix: Charging Server (Google Guava) — CVE-2020-89082023-07-15
Oracle
Oracle Oracle JD Edwards Risk Matrix: E1 IOT Orchestrator Security (Google Guava) — CVE-2020-89082023-04-15
Oracle
Oracle Oracle Commerce Risk Matrix: Workbench (Guava) — CVE-2020-89082022-04-15
Oracle
Oracle Oracle Communications Risk Matrix: UDR (Guava) — CVE-2020-89082022-01-15
Oracle
Oracle Oracle Retail Applications Risk Matrix: Segment (Google Guava) — CVE-2020-89082021-10-15