← volver
CVE-2023-2976

Use of temporary directory for file creation in `FileBackedOutputStream` in Guava

CVSS 5.5 MEDIUMEPSS 0.2%CWE-552
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 jun 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Productos afectados
Google · Guava

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/google/guava/issues/2575https://security.netapp.com/advisory/ntap-20230818-0008/https://security.netapp.com/advisory/ntap-20241108-0002/https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html