Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:40905
HistoryJun 15, 2023 - 11:50 a.m.

Information Disclosure

2023-06-1511:50:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
40
information disclosure
filebackedoutputstream
vulnerability
temporary directory access

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0

Percentile

15.5%

com.google.guava, guava is vulnerable to Information Disclosure. The vulnerability exits due to incorrect default file permissions in FileBackedOutputStream, which allow an attacker to access the temporary directory.

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0

Percentile

15.5%