PT-2023-4568 · Google+4 · Google Guava+6
Venusjain10
Published: 2023-06-14 · Updated: 2026-05-21
CVE-2023-2976
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Google Guava versions 1.0 through 31.1
Description
The issue is related to the use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava. This allows other users and apps on the machine with access to the default Java temporary directory to access the files created by the class. The vulnerability is fixed in version 32.0.0, but it is recommended to use version 32.0.1 due to functionality issues in version 32.0.0 under Windows.
Recommendations
For Google Guava versions 1.0 through 31.1, update to version 32.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the default Java temporary directory to minimize the risk of exploitation.
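One way to triage a host against this entry, as an added example that is not part of the original advisory: it classifies a Guava version using the thresholds stated above and verifies that a directory intended as the JVM temporary directory is owner-only. The function names and sample jar names are constructed for illustration, and pointing the standard `java.io.tmpdir` system property at a private directory is assumed here as one way to apply the workaround.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical;
# version thresholds are the ones stated in the advisory text.

# Classify a Guava version such as "31.1-jre" or "32.0.1-android".
guava_status() {
    ver=${1%%-*}                       # drop the -jre / -android flavor suffix
    case $ver in
        ''|.*|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    if [ "$major" -lt 32 ]; then
        echo affected                  # 1.0 through 31.1
    elif [ "$ver" = 32.0.0 ]; then
        echo fixed-upgrade-advised     # fixed, but 32.0.1 is recommended
    else
        echo fixed
    fi
}

# Succeed only if $1 is a real directory with no group/other permission bits.
tmpdir_is_private() {
    [ -d "$1" ] || return 1
    case $(ls -ld -- "$1") in
        d???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Create an owner-only directory and print the JVM option that selects it.
private_tmpdir_opt() {
    mkdir -p -- "$1" && chmod 700 -- "$1" || return 1
    tmpdir_is_private "$1" || return 1
    printf '%s\n' "-Djava.io.tmpdir=$1"
}

# Constructed sample jar names, for illustration only.
for jar in guava-31.1-jre.jar guava-32.0.0-android.jar guava-32.0.1-jre.jar; do
    v=${jar#guava-}; v=${v%.jar}
    printf '%s: %s\n' "$jar" "$(guava_status "$v")"
done
```

The option printed by `private_tmpdir_opt` has to be passed on the `java` command line at startup, so that the JVM resolves its temporary directory to the private path.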
Fix
Files Accessible to External Parties
Related identifiers
Affected products
Confluence
Debian
Google Guava
Jira
Jira Service Management Server
Red Os
Suse