CVE-2020-8908
LOW
3,3
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
LOW
2,1
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none
Description
AI Translation Available
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0007
Percentile
0,2th
Updated
EPSS Score Trend (Last 90 Days)
378
Creation of Temporary File With Insecure Permissions
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Authorization
Other
Integrity
Potential Impacts:
Read Application Data
Other
Applicable Platforms
All platforms may be affected
732
Incorrect Permission Assignment for Critical Resource
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Access Control
Integrity
Other
Potential Impacts:
Read Application Data
Read Files Or Directories
Gain Privileges Or Assume Identity
Modify Application Data
Other
Applicable Platforms
Technologies:
Cloud Computing, Not Technology-Specific
Application
Weblogic Server by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Primavera Unifier by Oracle
Version Range Affected
From
17.7
(inclusive)
To
17.12
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Primavera Unifier by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Pricing Design Center by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Primavera Unifier by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Commerce Guided Search by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Primavera Unifier by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Active Iq Unified Manager by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Peoplesoft Enterprise Peopletools by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Quarkus by Quarkus
Version Range Affected
To
1.11.4
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Cloud Native Core Network Repository Function by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Data Integrator by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Data Integrator by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Pricing Design Center by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Communications Cloud Native Core Network Slice Selection Function by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Active Iq Unified Manager by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Retail Customer Management And Segmentation Foundation by Oracle
Version Range Affected
From
16.0
(inclusive)
To
19.0
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Peoplesoft Enterprise Peopletools by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Nosql Database by Oracle
Version Range Affected
To
20.3
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Peoplesoft Enterprise Peopletools by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Primavera Unifier by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Guava by Google
Version Range Affected
To
32.0.0
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:google:guava:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Active Iq Unified Manager by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40
https://github.com/google/guava/issues/4011
https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66a…
https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1…
https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949…
https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23…
https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d05528…
https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6…
https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf0…
https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abb…
https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e3…
https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9f…
https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4…
https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add4…
https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6…
https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c7…
https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8…
https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a2…
https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb65…
https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e…
https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98…
https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b017…
https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86e…
https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2…
https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98…
https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe…
https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f8…
https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378d…
https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29…
https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94…
https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b0545…
https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188…
https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1…
https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7…
https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba08300…
https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b…
https://security.netapp.com/advisory/ntap-20220210-0003/
https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40
https://github.com/google/guava/issues/4011
https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66a…
https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1…
https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949…
https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23…
https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d05528…
https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6…
https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf0…
https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abb…
https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e3…
https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9f…
https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4…
https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add4…
https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6…
https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c7…
https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8…
https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a2…
https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb65…
https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e…
https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98…
https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b017…
https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86e…
https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2…
https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98…
https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe…
https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f8…
https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378d…
https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29…
https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94…
https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b0545…
https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188…
https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1…
https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7…
https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba08300…
https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b…
https://security.netapp.com/advisory/ntap-20220210-0003/
https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html