Lucene search

K
mageiaGentoo FoundationMGASA-2024-0159
HistoryMay 01, 2024 - 1:25 a.m.

Updated guava packages fix security vulnerabilities

2024-05-0101:25:14
Gentoo Foundation
advisories.mageia.org
32
guava
security
vulnerabilities
bug
access
machine
data
temporary directory
predictable files
filebackedoutputstream
cve-2020-8908
cve-2023-2976
unix

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

25.5%

A bug that could allow an attacker with access to the machine to potentially access data in a temporary directory created by the Guava. (CVE-2020-8908) Predictable temporary files and directories used in FileBackedOutputStream. (CVE-2023-2976)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchguava< 32.0.1-1guava-32.0.1-1.mga9

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

25.5%