Vulnerability Details : CVE-2023-2976
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
Products affected by CVE-2023-2976
- cpe:2.3:a:google:guava:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-2976
- 0.04%: probability of exploitation activity in the next 30 days
- ~12%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-2976
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | Google Inc. | |
7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.8 | 5.2 | NIST | |
7.1 | HIGH | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | N/A | N/A | Oracle:CPUOct2023 | |
CWE ids for CVE-2023-2976
- The product makes files or directories accessible to unauthorized actors, even though they should not be. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-2976
- https://github.com/google/guava/issues/2575
  Security scan reported problem with com.google.common.io.FileBackedOutputStream · Issue #2575 · google/guava · GitHub (Issue Tracking; Patch; Vendor Advisory)
- https://security.netapp.com/advisory/ntap-20230818-0008/
  CVE-2023-2976 Guava Vulnerability in NetApp Products | NetApp Product Security
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html
  INTEL-SA-01006