Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2020-8908

Description

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

POC

Reference

- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415

- https://www.oracle.com//security-alerts/cpujul2021.html

- https://www.oracle.com/security-alerts/cpuApr2021.html

- https://www.oracle.com/security-alerts/cpuapr2022.html

- https://www.oracle.com/security-alerts/cpujan2022.html

- https://www.oracle.com/security-alerts/cpuoct2021.html

Github

- https://github.com/ARPSyndicate/cvemon

- https://github.com/CodingSimia/jenkins-shiftleft

- https://github.com/IkerSaint/VULNAPP-vulnerable-app

- https://github.com/Liftric/dependency-track-companion-plugin

- https://github.com/aicelen/Kivy-LiteRT-Next

- https://github.com/asa1997/topgear_test

- https://github.com/diegopacheco/Smith

- https://github.com/hinat0y/Dataset1

- https://github.com/hinat0y/Dataset10

- https://github.com/hinat0y/Dataset11

- https://github.com/hinat0y/Dataset12

- https://github.com/hinat0y/Dataset2

- https://github.com/hinat0y/Dataset3

- https://github.com/hinat0y/Dataset4

- https://github.com/hinat0y/Dataset5

- https://github.com/hinat0y/Dataset6

- https://github.com/hinat0y/Dataset7

- https://github.com/hinat0y/Dataset8

- https://github.com/hinat0y/Dataset9

- https://github.com/kahlai/java-micro-experiment

- https://github.com/marklogic/marklogic-contentpump

- https://github.com/nidhi7598/guava-v18.0_CVE-2020-8908

- https://github.com/pctF/vulnerable-app

- https://github.com/slashben/ks2ovex