CVE-2020-8908: Incorrect Permission Assignment for Critical Resource
A temp directory creation vulnerability exists in Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()` method. The permissions granted to the created directory default to the standard unix-like `/tmp` ones, leaving the files open.
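The permission difference described above, as an added example that is not code from Guava or from this advisory. It uses only the JDK and needs a POSIX file system. `createLikeLegacy` is a hypothetical stand-in that assumes the affected method behaves like a plain `java.io.File.mkdir()` under `java.io.tmpdir`. `createOwnerOnly` and `exposedBits` are likewise names chosen for this illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

public class TempDirPermissions {
    // Bits that let users other than the owner list, enter or write the directory.
    private static final Set<PosixFilePermission> NON_OWNER = EnumSet.of(
            PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
            PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ,
            PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);

    // Assumption: stands in for the affected Guava call by creating the directory
    // with java.io.File.mkdir(), so the mode is 0777 masked by the process umask.
    static Path createLikeLegacy() throws IOException {
        File dir = new File(System.getProperty("java.io.tmpdir"),
                "legacy-" + System.nanoTime());
        if (!dir.mkdir()) {
            throw new IOException("could not create " + dir);
        }
        return dir.toPath();
    }

    // Hardened form: ask the JDK for an owner-only (rwx------) directory at creation.
    static Path createOwnerOnly() throws IOException {
        return Files.createTempDirectory("safe-",
                PosixFilePermissions.asFileAttribute(
                        PosixFilePermissions.fromString("rwx------")));
    }

    // Returns the group/other bits set on the directory (empty means owner-only).
    static Set<PosixFilePermission> exposedBits(Path dir) throws IOException {
        Set<PosixFilePermission> perms = EnumSet.noneOf(PosixFilePermission.class);
        perms.addAll(Files.getPosixFilePermissions(dir));
        perms.retainAll(NON_OWNER);
        return perms;
    }

    public static void main(String[] args) throws IOException {
        for (Path dir : new Path[] {createLikeLegacy(), createOwnerOnly()}) {
            System.out.println(dir + " " + PosixFilePermissions.toString(
                    Files.getPosixFilePermissions(dir)) + " exposed=" + exposedBits(dir));
            Files.delete(dir);
        }
    }
}
```

`exposedBits` can be pointed at the temporary directories an application already creates to confirm that none of them grants group or other access.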