PT-2023-4568 · Google +4 · Google Guava +6

Venusjain10 · Published 2023-06-14 · Updated 2026-05-21 · CVE-2023-2976

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Google Guava versions 1.0 through 31.1

Description

FileBackedOutputStream in Google Guava creates its files in Java's default temporary directory. Other users and apps on the machine that have access to that directory can therefore access the files the class creates. The vulnerability is fixed in version 32.0.0, but version 32.0.1 is recommended because of functionality issues in version 32.0.0 under Windows.

Recommendations

For Google Guava versions 1.0 through 31.1, update to version 32.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the default Java temporary directory to minimize the risk of exploitation.
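
The exposure described above depends on the permissions a temporary file receives when it is created in the shared `java.io.tmpdir`. The following is an added example, not code from Guava or from this advisory: on a POSIX system it compares a file made with the legacy `File.createTempFile` call against one created with explicit owner-only permissions. The class name `TempFileExposureCheck` and the file prefixes are illustrative.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Set;

public class TempFileExposureCheck {
    // Permission bits that let accounts other than the owner read or modify the file.
    private static final Set<PosixFilePermission> NON_OWNER = EnumSet.of(
            PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
            PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE);

    // Prints the file's mode string and reports whether any non-owner bit is set.
    static boolean exposed(Path p) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
        System.out.printf("%-32s %s%n", p.getFileName(), PosixFilePermissions.toString(perms));
        return !Collections.disjoint(perms, NON_OWNER);
    }

    public static void main(String[] args) throws IOException {
        // Mode bits only exist on POSIX file systems; elsewhere (e.g. Windows) ACLs apply.
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            System.out.println("Non-POSIX file system: inspect ACLs instead of mode bits.");
            return;
        }
        System.out.println("java.io.tmpdir = " + System.getProperty("java.io.tmpdir"));

        // Legacy API: the mode is derived from the process umask, so with a
        // permissive umask the file is readable by other local accounts.
        Path legacy = File.createTempFile("legacy-", ".tmp").toPath();
        // NIO API with explicit owner-only permissions requested at creation time.
        Path hardened = Files.createTempFile("hardened-", ".tmp",
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        try {
            System.out.println("legacy exposed:   " + exposed(legacy));
            System.out.println("hardened exposed: " + exposed(hardened));
        } finally {
            Files.deleteIfExists(legacy);
            Files.deleteIfExists(hardened);
        }
    }
}
```

Running it under the account and umask of the affected service shows whether files created the legacy way in that environment are readable by other local users, which is the condition the temporary workaround is meant to close.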

Fix

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

AZL-27173
AZL-43696
BDU:2023-04974
CLEANSTART-2026-CI66802
CLEANSTART-2026-DD05788
CLEANSTART-2026-GH89210
CLEANSTART-2026-IA43044
CLEANSTART-2026-JU62349
CLEANSTART-2026-KU61465
CLEANSTART-2026-LE11246
CLEANSTART-2026-RN56220
CLEANSTART-2026-SQ91016
CLEANSTART-2026-SV95049
CLEANSTART-2026-VH41554
CLEANSTART-2026-WK99982
CVE-2023-2976
GHSA-7G45-4RM6-3MM3
MGASA-2024-0159
OESA-2023-1411
OESA-2023-1412
OPENSUSE-SU-2023_3090-1
OPENSUSE-SU-2024:13001-1
RHSA-2023:7637
RHSA-2023:7638
RHSA-2023:7639
RHSA-2024:0777
RHSA-2024:0778
RHSA-2024:0798
RHSA-2024:0799
RHSA-2024:0800
SUSE-SU-2023:3090-1
SUSE-SU-2023_3090-1
SUSE-SU-2024:1138-1

Affected Products

Confluence
Debian
Google Guava
Jira
Jira Service Management Server
RED OS
SUSE