33 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-29429
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by...
Security Bulletin: InfoSphere Data Replication is affected by a guava package vulnerability (CVE-2023-2976)
Summary InfoSphere Data Replication uses the guava package. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw wit...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle, gradle-bootstrap (SUSE-SU-2024:1119-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1119-1 advisory. - The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for...
Atlassian Jira Service Management Data Center and Server < 5.4.16 / 5.5.x < 5.12.3 / 5.13.x < 5.13.1 / 5.14.0 (JSDSERVER-15111)
The version of Atlassian Jira Service Management Data Center and Server running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15111 advisory. - Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to...
BIT-GRADLE-2021-29428 Local privilege escalation through system temporary directory
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
Security Bulletin: IBM Spectrum Conductor with Google Guava versions 1.0 to 31.1 is vulnerable to access Java temporary directory
Summary IBM Spectrum Conductor with Google Guava versions 1.0 to 31.1 is vulnerable to access Java temporary directory Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Google Guava (CVE-2023-2976)
Summary A vulnerability in Google Guava used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary...
GHSA-HQ87-H4JG-VXFW Jenkins temporary uploaded file created with insecure permissions
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, uploaded files processed via the Stapler web framework and the Jenkins API MultipartFormDataParser create temporary files in the system temporary directory with the default permissions for newly created files. If these permissions are overly...
GHSA-QV64-W99C-QCR9 Jenkins temporary uploaded file created with insecure permissions
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, uploaded files processed via the Stapler web framework and the Jenkins API MultipartFormDataParser create temporary files in the system temporary directory with the default permissions for newly created files. If these permissions are overly...
Security Bulletin: Google Guava component is vulnerable to CVE-2023-2976 is used by IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses Google Guava package which is vulnerable to CVE-2023-2976. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary...
Low: guava
Issue Overview: No CVE associated with this advisory Affected Packages: guava Issue Correction: Run dnf update guava --releasever 2023.1.20230825 or dnf update --advisory ALAS2023-2023-305 --releasever 2023.1.20230825 to update your system. More information on how to update your system can be fou...
CVE-2023-2976
Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files...
Design/Logic Flaw
Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files...
PT-2023-4568 · Google +4 · Google Guava +6
Name of the Vulnerable Software and Affected Versions: Google Guava versions 1.0 through 31.1 Description: The issue is related to the use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava. This allows other users and apps on the machine with access...
PT-2023-21409 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.393 and earlier Jenkins LTS versions 2.375.3 and earlier Description: The issue arises when uploading a file parameter through the CLI, as Jenkins creates a temporary file in the default temporary directory with default...
Creation of Temporary File With Insecure Permissions
Overview Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions. A knowledgeable local user can locate temporary files created when a scheduled file is read. While they are in use, the user will be able to read the schedule being processed by MPXJ...
PYSEC-2022-42996
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macOS), MPXJ's use of File.createTempFile(..) results in temporary files being created with the permissions -rw-r--r--. This means that any other...
gradle: information disclosure through temporary directory permissions
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when it is larger than 1024 bytes. This file is created with insecure permissions that...