CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score: 6.2 Medium
Confidence: High
CVSS2: 1.9 Low
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS: 0.001 Low
Percentile: 28.1%
Software: junit 4.11
OS: Cobalt 7.9
CVE-ID: CVE-2020-15250
CVE-Crit: MEDIUM
CVE-DESC: In JUnit4, from version 4.7 through 4.13.1, the TemporaryFolder test rule contains a local information disclosure vulnerability. On Unix-like systems, the system’s temporary directory is shared by all users on that system. Because of this, files and directories written to this directory are, by default, readable by other users on the same system. This vulnerability does not allow other users to overwrite the contents of these directories or files; it is purely an information disclosure vulnerability. It affects you if JUnit tests write sensitive information, such as API keys or passwords, to a temporary folder and the tests are executed in an environment where there are other untrusted users on the OS. Because some JDK file system APIs were only added in JDK 1.7, the fix depends on the version of the JDK you are using. For users of Java 1.7 and above: this vulnerability is fixed in version 4.13.1. For users of Java 1.6 and below: a patch is not available, so you must use the workaround described below. If you cannot patch or are stuck on Java 1.6, setting the system environment variable java.io.tmpdir to a directory that belongs exclusively to the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory document.
CVE-STATUS: default
CVE-REV: default