What is the severity of CVE-2020-8908?

CVE-2020-8908 has been assigned a medium severity level due to its potential for information exposure.

How do I fix CVE-2020-8908?

To fix CVE-2020-8908, upgrade to Guava version 30.0 or later.

What versions of Guava are affected by CVE-2020-8908?

CVE-2020-8908 affects Guava versions prior to 30.0.

What type of vulnerability is CVE-2020-8908?

CVE-2020-8908 is a temporary directory creation vulnerability that may allow local users to access sensitive information.

Which software packages are affected by CVE-2020-8908?

Several Red Hat packages including eap7-activemq-artemis and eap7-bouncycastle are affected by CVE-2020-8908.

Vulnerability/
CVE-2020-8908

low

3.3

CWE

173 200 378 732 276

8/9/2020

10/12/2020

25/3/2021

20/2/2025

CVE-2020-8908: Temp directory permission issue in Guava

First published: Tue Sep 08 2020(Updated: )

A flaw was found in Guava that creates temporary directories with default permissions similar to /tmp. This issue may allow local users access, possibly permitting information exposure.

Credit: cve-coordination@google.com cve-coordination@google.com cve-coordination@google.com

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2020-8908?
CVE-2020-8908 has been assigned a medium severity level due to its potential for information exposure.
How do I fix CVE-2020-8908?
To fix CVE-2020-8908, upgrade to Guava version 30.0 or later.
What versions of Guava are affected by CVE-2020-8908?
CVE-2020-8908 affects Guava versions prior to 30.0.
What type of vulnerability is CVE-2020-8908?
CVE-2020-8908 is a temporary directory creation vulnerability that may allow local users to access sensitive information.
Which software packages are affected by CVE-2020-8908?
Several Red Hat packages including eap7-activemq-artemis and eap7-bouncycastle are affected by CVE-2020-8908.

collector/redhat-cve
collector/github-advisory-latest
alias/GHSA-5mg8-w23w-74h3
alias/CVE-2020-8908
collector/github-advisory
agent/type
agent/first-publish-date
agent/remedy
agent/weakness
agent/author
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
agent/description
collector/mitre-cve
source/MITRE
agent/title
agent/trending
agent/source
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
collector/nvd-cve
agent/last-modified-date
agent/severity
agent/references
agent/tags
agent/event
collector/ibm-support
source/IBM
agent/softwarecombine
package-manager/redhat
package-manager/maven
vendor/google
canonical/google guava
vendor/quarkus
canonical/red hat quarkus
vendor/oracle
canonical/oracle commerce guided search
version/oracle commerce guided search/11.3.2
canonical/oracle communications cloud native core network slice selection function
version/oracle communications cloud native core network slice selection function/1.2.1
canonical/oracle communications pricing design center
version/oracle communications pricing design center/12.0.0.4.0
version/oracle communications pricing design center/12.0.0.5.0
canonical/oracle data integrator
version/oracle data integrator/12.2.1.3.0
version/oracle data integrator/12.2.1.4.0
canonical/oracle nosql database
canonical/oracle peoplesoft enterprise peopletools
version/oracle peoplesoft enterprise peopletools/8.57
version/oracle peoplesoft enterprise peopletools/8.58
version/oracle peoplesoft enterprise peopletools/8.59
canonical/oracle customer management and segmentation foundation
version/oracle customer management and segmentation foundation/16.0
version/oracle customer management and segmentation foundation/19.0
canonical/oracle weblogic server
version/oracle weblogic server/14.1.1.0.0
canonical/oracle communications cloud native core network repository function
version/oracle communications cloud native core network repository function/1.14.0
canonical/oracle primavera unifier
version/oracle primavera unifier/17.7
version/oracle primavera unifier/17.12
version/oracle primavera unifier/18.8
version/oracle primavera unifier/19.12
version/oracle primavera unifier/20.12
version/oracle primavera unifier/21.12
vendor/netapp
canonical/netapp active iq unified manager
canonical/netapp active iq unified manager for vmware vsphere
canonical/netapp active iq unified manager windows
vendor/ibm
canonical/ibm data virtualization on cloud pak for data
version/ibm data virtualization on cloud pak for data/3.0
canonical/ibm watson query on cloud pak for data
version/ibm watson query on cloud pak for data/2.2
version/ibm watson query on cloud pak for data/2.1
version/ibm watson query on cloud pak for data/2.0
version/ibm data virtualization on cloud pak for data/1.8
version/ibm data virtualization on cloud pak for data/1.7

CVE-2020-8908: Temp directory permission issue in Guava

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2020-8908?

How do I fix CVE-2020-8908?

What versions of Guava are affected by CVE-2020-8908?

What type of vulnerability is CVE-2020-8908?

Which software packages are affected by CVE-2020-8908?

Company

Resources

Contact

Affected Software	Affected Version	How to fix
redhat/eap7-activemq-artemis	<0:2.9.0-9.redhat_00019.1.el6ea	0:2.9.0-9.redhat_00019.1.el6ea
redhat/eap7-bouncycastle	<0:1.68.0-1.redhat_00001.1.el6ea	0:1.68.0-1.redhat_00001.1.el6ea
redhat/eap7-guava-failureaccess	<0:1.0.1-1.redhat_00002.1.el6ea	0:1.0.1-1.redhat_00002.1.el6ea
redhat/eap7-guava-libraries	<0:30.1.0-1.redhat_00001.1.el6ea	0:30.1.0-1.redhat_00001.1.el6ea
redhat/eap7-hal-console	<0:3.2.13-1.Final_redhat_00001.1.el6ea	0:3.2.13-1.Final_redhat_00001.1.el6ea
redhat/eap7-ironjacamar	<0:1.4.27-1.Final_redhat_00001.1.el6ea	0:1.4.27-1.Final_redhat_00001.1.el6ea
redhat/eap7-jboss-ejb-client	<0:4.0.39-1.SP1_redhat_00001.1.el6ea	0:4.0.39-1.SP1_redhat_00001.1.el6ea
redhat/eap7-jboss-logmanager	<0:2.1.18-1.Final_redhat_00001.1.el6ea	0:2.1.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jboss-remoting	<0:5.0.20-2.SP1_redhat_00001.1.el6ea	0:5.0.20-2.SP1_redhat_00001.1.el6ea
redhat/eap7-jboss-server-migration	<0:1.7.2-5.Final_redhat_00006.1.el6ea	0:1.7.2-5.Final_redhat_00006.1.el6ea
redhat/eap7-narayana	<0:5.9.11-1.Final_redhat_00001.1.el6ea	0:5.9.11-1.Final_redhat_00001.1.el6ea
redhat/eap7-undertow	<0:2.0.34-1.SP1_redhat_00001.1.el6ea	0:2.0.34-1.SP1_redhat_00001.1.el6ea
redhat/eap7-wildfly	<0:7.3.6-1.GA_redhat_00002.1.el6ea	0:7.3.6-1.GA_redhat_00002.1.el6ea
redhat/eap7-wildfly-elytron	<0:1.10.11-1.Final_redhat_00001.1.el6ea	0:1.10.11-1.Final_redhat_00001.1.el6ea
redhat/eap7-wildfly-http-client	<0:1.0.25-1.Final_redhat_00001.1.el6ea	0:1.0.25-1.Final_redhat_00001.1.el6ea
redhat/eap7-wildfly-naming-client	<0:1.0.14-1.Final_redhat_00001.1.el6ea	0:1.0.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-activemq-artemis	<0:2.9.0-9.redhat_00019.1.el7ea	0:2.9.0-9.redhat_00019.1.el7ea
redhat/eap7-bouncycastle	<0:1.68.0-1.redhat_00001.1.el7ea	0:1.68.0-1.redhat_00001.1.el7ea
redhat/eap7-guava-failureaccess	<0:1.0.1-1.redhat_00002.1.el7ea	0:1.0.1-1.redhat_00002.1.el7ea
redhat/eap7-guava-libraries	<0:30.1.0-1.redhat_00001.1.el7ea	0:30.1.0-1.redhat_00001.1.el7ea
redhat/eap7-hal-console	<0:3.2.13-1.Final_redhat_00001.1.el7ea	0:3.2.13-1.Final_redhat_00001.1.el7ea
redhat/eap7-ironjacamar	<0:1.4.27-1.Final_redhat_00001.1.el7ea	0:1.4.27-1.Final_redhat_00001.1.el7ea
redhat/eap7-jboss-ejb-client	<0:4.0.39-1.SP1_redhat_00001.1.el7ea	0:4.0.39-1.SP1_redhat_00001.1.el7ea
redhat/eap7-jboss-logmanager	<0:2.1.18-1.Final_redhat_00001.1.el7ea	0:2.1.18-1.Final_redhat_00001.1.el7ea
redhat/eap7-jboss-remoting	<0:5.0.20-2.SP1_redhat_00001.1.el7ea	0:5.0.20-2.SP1_redhat_00001.1.el7ea
redhat/eap7-jboss-server-migration	<0:1.7.2-5.Final_redhat_00006.1.el7ea	0:1.7.2-5.Final_redhat_00006.1.el7ea
redhat/eap7-narayana	<0:5.9.11-1.Final_redhat_00001.1.el7ea	0:5.9.11-1.Final_redhat_00001.1.el7ea
redhat/eap7-undertow	<0:2.0.34-1.SP1_redhat_00001.1.el7ea	0:2.0.34-1.SP1_redhat_00001.1.el7ea
redhat/eap7-wildfly	<0:7.3.6-1.GA_redhat_00002.1.el7ea	0:7.3.6-1.GA_redhat_00002.1.el7ea
redhat/eap7-wildfly-elytron	<0:1.10.11-1.Final_redhat_00001.1.el7ea	0:1.10.11-1.Final_redhat_00001.1.el7ea
redhat/eap7-wildfly-http-client	<0:1.0.25-1.Final_redhat_00001.1.el7ea	0:1.0.25-1.Final_redhat_00001.1.el7ea
redhat/eap7-wildfly-naming-client	<0:1.0.14-1.Final_redhat_00001.1.el7ea	0:1.0.14-1.Final_redhat_00001.1.el7ea
redhat/eap7-activemq-artemis	<0:2.9.0-9.redhat_00019.1.el8ea	0:2.9.0-9.redhat_00019.1.el8ea
redhat/eap7-bouncycastle	<0:1.68.0-1.redhat_00001.1.el8ea	0:1.68.0-1.redhat_00001.1.el8ea
redhat/eap7-guava-failureaccess	<0:1.0.1-1.redhat_00002.1.el8ea	0:1.0.1-1.redhat_00002.1.el8ea
redhat/eap7-guava-libraries	<0:30.1.0-1.redhat_00001.1.el8ea	0:30.1.0-1.redhat_00001.1.el8ea
redhat/eap7-hal-console	<0:3.2.13-1.Final_redhat_00001.1.el8ea	0:3.2.13-1.Final_redhat_00001.1.el8ea
redhat/eap7-ironjacamar	<0:1.4.27-1.Final_redhat_00001.1.el8ea	0:1.4.27-1.Final_redhat_00001.1.el8ea
redhat/eap7-jboss-ejb-client	<0:4.0.39-1.SP1_redhat_00001.1.el8ea	0:4.0.39-1.SP1_redhat_00001.1.el8ea
redhat/eap7-jboss-logmanager	<0:2.1.18-1.Final_redhat_00001.1.el8ea	0:2.1.18-1.Final_redhat_00001.1.el8ea
redhat/eap7-jboss-remoting	<0:5.0.20-2.SP1_redhat_00001.1.el8ea	0:5.0.20-2.SP1_redhat_00001.1.el8ea
redhat/eap7-jboss-server-migration	<0:1.7.2-5.Final_redhat_00006.1.el8ea	0:1.7.2-5.Final_redhat_00006.1.el8ea
redhat/eap7-narayana	<0:5.9.11-1.Final_redhat_00001.1.el8ea	0:5.9.11-1.Final_redhat_00001.1.el8ea
redhat/eap7-undertow	<0:2.0.34-1.SP1_redhat_00001.1.el8ea	0:2.0.34-1.SP1_redhat_00001.1.el8ea
redhat/eap7-wildfly	<0:7.3.6-1.GA_redhat_00002.1.el8ea	0:7.3.6-1.GA_redhat_00002.1.el8ea
redhat/eap7-wildfly-elytron	<0:1.10.11-1.Final_redhat_00001.1.el8ea	0:1.10.11-1.Final_redhat_00001.1.el8ea
redhat/eap7-wildfly-http-client	<0:1.0.25-1.Final_redhat_00001.1.el8ea	0:1.0.25-1.Final_redhat_00001.1.el8ea
redhat/eap7-wildfly-naming-client	<0:1.0.14-1.Final_redhat_00001.1.el8ea	0:1.0.14-1.Final_redhat_00001.1.el8ea
redhat/candlepin	<0:4.0.9-1.el7	0:4.0.9-1.el7
maven/com.google.guava:guava	<32.0.0-android	32.0.0-android
redhat/guava	<30.0	30.0
Google Guava	<32.0.0
Red Hat Quarkus	<1.11.4
Oracle Commerce Guided Search	=11.3.2
Oracle Communications Cloud Native Core Network Slice Selection Function	=1.2.1
Oracle Communications Pricing Design Center	=12.0.0.4.0
Oracle Communications Pricing Design Center	=12.0.0.5.0
Oracle Data Integrator	=12.2.1.3.0
Oracle Data Integrator	=12.2.1.4.0
Oracle NoSQL Database	<20.3
Oracle PeopleSoft Enterprise PeopleTools	=8.57
Oracle PeopleSoft Enterprise PeopleTools	=8.58
Oracle PeopleSoft Enterprise PeopleTools	=8.59
Oracle Customer Management and Segmentation Foundation	>=16.0<=19.0
Oracle WebLogic Server	=14.1.1.0.0
Oracle Communications Cloud Native Core Network Repository Function	=1.14.0
Oracle Primavera Unifier	>=17.7<=17.12
Oracle Primavera Unifier	=18.8
Oracle Primavera Unifier	=19.12
Oracle Primavera Unifier	=20.12
Oracle Primavera Unifier	=21.12
NetApp Active IQ Unified Manager
NetApp Active IQ Unified Manager for VMware vSphere
netapp active iq unified manager windows
IBM Data Virtualization on Cloud Pak for Data	<=3.0
IBM Watson Query on Cloud Pak for Data	<=2.2
IBM Watson Query on Cloud Pak for Data	<=2.1
IBM Watson Query on Cloud Pak for Data	<=2.0
IBM Data Virtualization on Cloud Pak for Data	<=1.8
IBM Data Virtualization on Cloud Pak for Data	<=1.7