How severe is CVE-2020-8908?

This vulnerability has a severity rating of LOW with a CVSS score of 3.3 out of 10.

What type of vulnerability is CVE-2020-8908?

This is classified as CWE-378, which is a common weakness in software security.

CVE-2020-8908

LOW Year: 2020

CVSS v3 Score

3.3

Low

CVSS v2 Score

2.1

Low

Weakness Type

CWE-378

View all →

Vulnerability Description

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

CVE-2021-21331

LOW

CVSS:3.3(Low)

The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on ...

CWE-3782021

CVE-2023-0481

LOW

CVSS:3.3(Low)

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local ...

CWE-3782023

CVE-2023-27408

LOW

CVSS:3.3(Low)

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of `-rw-rw-rw-`. This file is used as a mutex for multiple appl...

CWE-3782023

CVE-2024-52543

MEDIUM

CVSS:4.4(Medium)

Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulner...

CWE-3782024

CVE-2024-39872

CRITICAL

CVSS:9.9(Critical)

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update pro...

CWE-3782024

CVE-2025-27148

HIGH

CVSS:8.8(High)

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that a...

CWE-3782025

CVE-2020-8908

Vulnerability Description

Related Vulnerabilities

CVE-2021-21331

CVE-2023-0481

CVE-2023-27408

CVE-2024-52543

CVE-2024-39872

CVE-2025-27148