CVE-2020-8908 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-8908 Interim 1 48 2023-09-22T23:52:50Z current 2021-05-30T14:38:14Z 2023-09-22T23:52:50Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-8908 A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2023-April/014447.html E-Mail link for SUSE-CU-2023:1100-1 https://lists.suse.com/pipermail/sle-security-updates/2023-April/014448.html E-Mail link for SUSE-CU-2023:1101-1 https://lists.suse.com/pipermail/sle-security-updates/2023-August/015753.html E-Mail link for SUSE-CU-2023:2503-1 https://lists.suse.com/pipermail/sle-security-updates/2023-August/015754.html E-Mail link for SUSE-CU-2023:2505-1 https://lists.suse.com/pipermail/sle-security-updates/2023-March/014085.html E-Mail link for SUSE-CU-2023:712-1 https://lists.suse.com/pipermail/sle-security-updates/2023-March/014086.html E-Mail link for SUSE-CU-2023:713-1 https://lists.suse.com/pipermail/sle-updates/2023-March/028253.html E-Mail link for SUSE-CU-2023:714-1 https://lists.suse.com/pipermail/sle-updates/2023-March/028254.html E-Mail link for SUSE-CU-2023:715-1 https://lists.suse.com/pipermail/sle-security-updates/2023-May/014723.html E-Mail link for SUSE-SU-2023:1832-1 https://lists.suse.com/pipermail/sle-updates/2023-August/030678.html E-Mail link for SUSE-SU-2023:3090-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container bci/openjdk-devel:11-8.43 Container bci/openjdk-devel:17-10.40 Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP5 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Server 15 SP4-TERADATA SUSE Linux Enterprise Module for Development Tools 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP5 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Manager Server Module 4.2 SUSE Manager Server Module 4.3 openSUSE Leap 15.4 openSUSE Leap 15.5 openSUSE Tumbleweed guava guava-30.1.1-1.2 guava-30.1.1-150200.3.4.4 guava-30.1.1-150300.4.3.4 guava-32.0.1-150200.3.7.1 guava-javadoc-30.1.1-1.2 guava-javadoc-32.0.1-150200.3.7.1 guava-testlib-30.1.1-1.2 guava-testlib-32.0.1-150200.3.7.1 guava20 guava20-20.0-150200.3.4.4 guava20-javadoc-20.0-150200.3.4.4 guava20-testlib-20.0-150200.3.4.4 guava-32.0.1-150200.3.7.1 as a component of Container bci/openjdk-devel:11-8.43 guava-32.0.1-150200.3.7.1 as a component of Container bci/openjdk-devel:17-10.40 guava-30.1.1-150300.4.3.4 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure guava-30.1.1-150300.4.3.4 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM guava-30.1.1-150300.4.3.4 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE guava-30.1.1-150200.3.4.4 as a component of SUSE Enterprise Storage 7 guava20-20.0-150200.3.4.4 as a component of SUSE Enterprise Storage 7 guava-30.1.1-150200.3.4.4 as a component of SUSE Enterprise Storage 7.1 guava20-20.0-150200.3.4.4 as a component of SUSE Enterprise Storage 7.1 guava-30.1.1-150200.3.4.4 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS guava20-20.0-150200.3.4.4 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS guava-30.1.1-150200.3.4.4 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS guava20-20.0-150200.3.4.4 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS guava-30.1.1-150200.3.4.4 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS guava20-20.0-150200.3.4.4 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS guava-32.0.1-150200.3.7.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 guava20-20.0-150200.3.4.4 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 guava-30.1.1-150200.3.4.4 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP5 guava-32.0.1-150200.3.7.1 as a component of SUSE Linux Enterprise Real Time 15 SP3 guava20-20.0-150200.3.4.4 as a component of SUSE Linux Enterprise Real Time 15 SP3 guava-30.1.1-150200.3.4.4 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS guava20-20.0-150200.3.4.4 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS guava-30.1.1-150200.3.4.4 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS guava20-20.0-150200.3.4.4 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS guava-32.0.1-150200.3.7.1 as a component of SUSE Linux Enterprise Server 15 SP4-TERADATA guava-30.1.1-150200.3.4.4 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 guava20-20.0-150200.3.4.4 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 guava-30.1.1-150200.3.4.4 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 guava20-20.0-150200.3.4.4 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 guava-30.1.1-150300.4.3.4 as a component of SUSE Manager Server Module 4.2 guava-32.0.1-150200.3.7.1 as a component of openSUSE Leap 15.4 guava-javadoc-32.0.1-150200.3.7.1 as a component of openSUSE Leap 15.4 guava-testlib-32.0.1-150200.3.7.1 as a component of openSUSE Leap 15.4 guava20-20.0-150200.3.4.4 as a component of openSUSE Leap 15.4 guava20-javadoc-20.0-150200.3.4.4 as a component of openSUSE Leap 15.4 guava20-testlib-20.0-150200.3.4.4 as a component of openSUSE Leap 15.4 guava-32.0.1-150200.3.7.1 as a component of openSUSE Leap 15.5 guava-javadoc-32.0.1-150200.3.7.1 as a component of openSUSE Leap 15.5 guava-testlib-32.0.1-150200.3.7.1 as a component of openSUSE Leap 15.5 guava-30.1.1-1.2 as a component of openSUSE Tumbleweed guava-javadoc-30.1.1-1.2 as a component of openSUSE Tumbleweed guava-testlib-30.1.1-1.2 as a component of openSUSE Tumbleweed guava as a component of SUSE Enterprise Storage 7 guava20 as a component of SUSE Enterprise Storage 7 guava as a component of SUSE Enterprise Storage 7.1 guava20 as a component of SUSE Enterprise Storage 7.1 guava as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS guava20 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS guava as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS guava20 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS guava as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS guava20 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS guava20 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 guava20 as a component of SUSE Linux Enterprise Real Time 15 SP3 guava as a component of SUSE Linux Enterprise Server 15 SP2-LTSS guava20 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS guava as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 guava20 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 guava as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 guava20 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 guava as a component of SUSE Manager Server Module 4.2 guava as a component of SUSE Manager Server Module 4.3 A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. CVE-2020-8908 Container bci/openjdk-devel:11-8.43:guava-32.0.1-150200.3.7.1 Container bci/openjdk-devel:17-10.40:guava-32.0.1-150200.3.7.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:guava-30.1.1-150300.4.3.4 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:guava-30.1.1-150300.4.3.4 Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:guava-30.1.1-150300.4.3.4 SUSE Enterprise Storage 7:guava-30.1.1-150200.3.4.4 SUSE Enterprise Storage 7:guava20-20.0-150200.3.4.4 SUSE Enterprise Storage 7.1:guava-30.1.1-150200.3.4.4 SUSE Enterprise Storage 7.1:guava20-20.0-150200.3.4.4 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:guava-30.1.1-150200.3.4.4 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:guava20-20.0-150200.3.4.4 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:guava-30.1.1-150200.3.4.4 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:guava20-20.0-150200.3.4.4 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:guava-30.1.1-150200.3.4.4 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:guava20-20.0-150200.3.4.4 SUSE Linux Enterprise Module for Development Tools 15 SP4:guava-32.0.1-150200.3.7.1 SUSE Linux Enterprise Module for Development Tools 15 SP4:guava20-20.0-150200.3.4.4 SUSE Linux Enterprise Module for Development Tools 15 SP5:guava-30.1.1-150200.3.4.4 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:guava-javadoc-30.1.1-150200.3.4.4 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:guava-testlib-30.1.1-150200.3.4.4 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:guava20-20.0-150200.3.4.4 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:guava20-javadoc-20.0-150200.3.4.4 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:guava20-testlib-20.0-150200.3.4.4 SUSE Linux Enterprise Real Time 15 SP3:guava-32.0.1-150200.3.7.1 SUSE Linux Enterprise Real Time 15 SP3:guava20-20.0-150200.3.4.4 SUSE Linux Enterprise Server 15 SP2-LTSS:guava-30.1.1-150200.3.4.4 SUSE Linux Enterprise Server 15 SP2-LTSS:guava20-20.0-150200.3.4.4 SUSE Linux Enterprise Server 15 SP3-LTSS:guava-30.1.1-150200.3.4.4 SUSE Linux Enterprise Server 15 SP3-LTSS:guava20-20.0-150200.3.4.4 SUSE Linux Enterprise Server 15 SP4-TERADATA:guava-32.0.1-150200.3.7.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:guava-30.1.1-150200.3.4.4 SUSE Linux Enterprise Server for SAP Applications 15 SP2:guava20-20.0-150200.3.4.4 SUSE Linux Enterprise Server for SAP Applications 15 SP3:guava-30.1.1-150200.3.4.4 SUSE Linux Enterprise Server for SAP Applications 15 SP3:guava20-20.0-150200.3.4.4 SUSE Manager Server Module 4.2:guava-30.1.1-150300.4.3.4 openSUSE Leap 15.4:guava-32.0.1-150200.3.7.1 openSUSE Leap 15.4:guava-javadoc-32.0.1-150200.3.7.1 openSUSE Leap 15.4:guava-testlib-32.0.1-150200.3.7.1 openSUSE Leap 15.4:guava20-20.0-150200.3.4.4 openSUSE Leap 15.4:guava20-javadoc-20.0-150200.3.4.4 openSUSE Leap 15.4:guava20-testlib-20.0-150200.3.4.4 openSUSE Leap 15.5:guava-32.0.1-150200.3.7.1 openSUSE Leap 15.5:guava-javadoc-32.0.1-150200.3.7.1 openSUSE Leap 15.5:guava-testlib-32.0.1-150200.3.7.1 openSUSE Tumbleweed:guava-30.1.1-1.2 openSUSE Tumbleweed:guava-javadoc-30.1.1-1.2 openSUSE Tumbleweed:guava-testlib-30.1.1-1.2 SUSE Enterprise Storage 7.1:guava SUSE Enterprise Storage 7.1:guava20 SUSE Enterprise Storage 7:guava SUSE Enterprise Storage 7:guava20 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:guava SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:guava20 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:guava SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:guava20 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:guava SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:guava20 SUSE Linux Enterprise Module for Development Tools 15 SP4:guava20 SUSE Linux Enterprise Real Time 15 SP3:guava20 SUSE Linux Enterprise Server 15 SP2-LTSS:guava SUSE Linux Enterprise Server 15 SP2-LTSS:guava20 SUSE Linux Enterprise Server for SAP Applications 15 SP2:guava SUSE Linux Enterprise Server for SAP Applications 15 SP2:guava20 SUSE Linux Enterprise Server for SAP Applications 15 SP3:guava SUSE Linux Enterprise Server for SAP Applications 15 SP3:guava20 SUSE Manager Server Module 4.2:guava SUSE Manager Server Module 4.3:guava low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N