CVE-2020-8908

{"id": "CVE-2020-8908", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cve-coordination@google.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2020-12-10T23:15:13.973", "references": [{"url": "https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40", "tags": ["Patch", "Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://github.com/google/guava/issues/4011", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21%40%3Ccommon-issues.hadoop.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14%40%3Cdev.drill.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54%40%3Cdev.drill.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e%40%3Ccommits.ws.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6%40%3Cyarn-issues.hadoop.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4%40%3Cdev.drill.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748%40%3Ccommits.pulsar.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc%40%3Cissues.geode.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6%40%3Ccommits.cxf.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27%40%3Cyarn-dev.hadoop.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac%40%3Ccommon-issues.hadoop.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44%40%3Cissues.geode.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199%40%3Cyarn-issues.hadoop.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a%40%3Cdev.drill.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222%40%3Ccommits.ws.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c%40%3Cissues.hive.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09%40%3Cyarn-issues.hadoop.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba%40%3Cissues.maven.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3%40%3Cyarn-issues.hadoop.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322%40%3Cgitbox.hive.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf%40%3Ccommits.cxf.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97%40%3Cissues.geode.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f%40%3Cdev.hive.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95%40%3Cgithub.arrow.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5%40%3Cissues.hive.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf%40%3Cdev.pig.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27%40%3Cyarn-issues.hadoop.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85%40%3Cissues.geode.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e%40%3Cyarn-dev.hadoop.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625%40%3Cissues.geode.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594%40%3Cdev.myfaces.apache.org%3E", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://security.netapp.com/advisory/ntap-20220210-0003/", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve-coordination@google.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}, {"type": "Secondary", "source": "cve-coordination@google.com", "description": [{"lang": "en", "value": "CWE-378"}]}], "descriptions": [{"lang": "en", "value": "A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.\n\n"}, {"lang": "es", "value": "Se presenta una vulnerabilidad en la creaci\u00f3n de directorios temporales en todas las versiones de Guava, que permite a un atacante con acceso a la m\u00e1quina acceder potencialmente a los datos de un directorio temporal creado por la API de Guava com.google.common.io.Files.createTempDir(). Por defecto, en los sistemas de tipo unix, el directorio creado es legible por el mundo (legible por un atacante con acceso al sistema). El m\u00e9todo en cuesti\u00f3n ha sido marcado como @Deprecated en las versiones 30.0 y posteriores y no debe ser utilizado. Para los desarrolladores de Android, recomendamos elegir una API de directorio temporal proporcionada por Android, como context.getCacheDir(). Para otros desarrolladores de Java, recomendamos migrar a la API de Java 7 java.nio.file.Files.createTempDirectory() que configura expl\u00edcitamente los permisos de 700, o configurar la propiedad del sistema java.io.tmpdir del tiempo de ejecuci\u00f3n de Java para que apunte a una ubicaci\u00f3n cuyos permisos est\u00e9n configurados adecuadamente"}], "lastModified": "2023-08-02T17:30:47.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:guava:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0FA9B26-6D87-4FE1-B719-EC4770B5418D", "versionEndExcluding": "32.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89306BA8-9E5C-49F6-AB32-B78BE1D831F0", "versionEndExcluding": "1.11.4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79"}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADE6EF8F-1F05-429B-A916-76FDB20CEB81"}, {"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A28F42F0-FBDA-4574-AD30-7A04F27FEA3E"}, {"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "129CA55C-C770-4D42-BD17-9011F3AC93C4"}, {"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38"}, {"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9"}, {"criteria": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D04565AE-D092-4AE0-8FEE-0E8114662A1B", "versionEndExcluding": "20.3"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597"}, {"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B92BB355-DB00-438E-84E5-8EC007009576", "versionEndIncluding": "19.0", "versionStartIncluding": "16.0"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E463039-5E48-4AA0-A42B-081053FA0111"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", "versionEndIncluding": "17.12", "versionStartIncluding": "17.7"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1"}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "vulnerable": true, "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@google.com"}