CVE-2023-2976 Report - Details, Severity, & Advisories
Twingate Team
•
May 13, 2024
CVE-2023-2976 is a security vulnerability affecting Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich. With a severity rating of 7.1 HIGH by NIST and 5.5 MEDIUM by Google Inc., this vulnerability is related to the use of Java's default temporary directory for file creation in FileBackedOutputStream
. Successful exploitation could lead to disclosure of sensitive information or addition or modification of data. The vulnerability impacts various systems, including those using Google Commons APIs and certain NetApp and Intel products.
How do I know if I'm affected?
To determine if you're affected by the CVE-2023-2976 vulnerability, you should check if you're using Google Guava versions 1.0 to 31.1 on Unix systems or Android Ice Cream Sandwich. If exploited, it could lead to disclosure of sensitive information or addition or modification of data. However, no specific Apple product versions are mentioned as being affected.
What should I do if I'm affected?
If you're affected by the this vulnerability, it's important to take action to protect your data. First, update your Google Guava library to version 32.0.1, which addresses the issue. Next, ensure temporary files have unpredictable names and are created in secure directories with appropriate permissions. Finally, consider updating any affected software, such as NetApp products or Intel Unison software, to the latest versions with security fixes.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2023-2976 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This security issue, found in Google Guava library versions 1.0 to 31.1, could allow someone to access or change sensitive information by guessing the name of a temporary file and replacing it with a harmful one. The vulnerability was published on June 14, 2023, and has been fixed in Google Guava version 32.0.1.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-552, which involves files or directories being accessible to external parties. This can lead to information disclosure or data modification.
For more details
To learn more about its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2023-2976 Report - Details, Severity, & Advisories
Twingate Team
•
May 13, 2024
CVE-2023-2976 is a security vulnerability affecting Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich. With a severity rating of 7.1 HIGH by NIST and 5.5 MEDIUM by Google Inc., this vulnerability is related to the use of Java's default temporary directory for file creation in FileBackedOutputStream
. Successful exploitation could lead to disclosure of sensitive information or addition or modification of data. The vulnerability impacts various systems, including those using Google Commons APIs and certain NetApp and Intel products.
How do I know if I'm affected?
To determine if you're affected by the CVE-2023-2976 vulnerability, you should check if you're using Google Guava versions 1.0 to 31.1 on Unix systems or Android Ice Cream Sandwich. If exploited, it could lead to disclosure of sensitive information or addition or modification of data. However, no specific Apple product versions are mentioned as being affected.
What should I do if I'm affected?
If you're affected by the this vulnerability, it's important to take action to protect your data. First, update your Google Guava library to version 32.0.1, which addresses the issue. Next, ensure temporary files have unpredictable names and are created in secure directories with appropriate permissions. Finally, consider updating any affected software, such as NetApp products or Intel Unison software, to the latest versions with security fixes.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2023-2976 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This security issue, found in Google Guava library versions 1.0 to 31.1, could allow someone to access or change sensitive information by guessing the name of a temporary file and replacing it with a harmful one. The vulnerability was published on June 14, 2023, and has been fixed in Google Guava version 32.0.1.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-552, which involves files or directories being accessible to external parties. This can lead to information disclosure or data modification.
For more details
To learn more about its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2023-2976 Report - Details, Severity, & Advisories
Twingate Team
•
May 13, 2024
CVE-2023-2976 is a security vulnerability affecting Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich. With a severity rating of 7.1 HIGH by NIST and 5.5 MEDIUM by Google Inc., this vulnerability is related to the use of Java's default temporary directory for file creation in FileBackedOutputStream
. Successful exploitation could lead to disclosure of sensitive information or addition or modification of data. The vulnerability impacts various systems, including those using Google Commons APIs and certain NetApp and Intel products.
How do I know if I'm affected?
To determine if you're affected by the CVE-2023-2976 vulnerability, you should check if you're using Google Guava versions 1.0 to 31.1 on Unix systems or Android Ice Cream Sandwich. If exploited, it could lead to disclosure of sensitive information or addition or modification of data. However, no specific Apple product versions are mentioned as being affected.
What should I do if I'm affected?
If you're affected by the this vulnerability, it's important to take action to protect your data. First, update your Google Guava library to version 32.0.1, which addresses the issue. Next, ensure temporary files have unpredictable names and are created in secure directories with appropriate permissions. Finally, consider updating any affected software, such as NetApp products or Intel Unison software, to the latest versions with security fixes.
Is this in CISA’s Known Exploited Vulnerabilities Catalog?
The CVE-2023-2976 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This security issue, found in Google Guava library versions 1.0 to 31.1, could allow someone to access or change sensitive information by guessing the name of a temporary file and replacing it with a harmful one. The vulnerability was published on June 14, 2023, and has been fixed in Google Guava version 32.0.1.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-552, which involves files or directories being accessible to external parties. This can lead to information disclosure or data modification.
For more details
To learn more about its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below.
Solutions
Solutions
The VPN replacement your workforce will love.
Solutions