Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
171
VMScore

CVE-2020-15250

Published: 12/10/2020 Updated: 07/11/2023
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 171
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Junit

Vulnerability Summary

In JUnit4 from version 4.7 and prior to 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

junit junit4

debian debian linux 9.0

apache pluto

oracle communications cloud native core policy 1.14.0

Vendor Advisories

Red Hat: Important: Red Hat Fuse 7.11.0 release and security update
Synopsis Important: Red Hat Fuse 7110 release and security update Type/Severity Security Advisory: Important Topic A minor version update (from 710 to 711) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security has rated this update ...
Debian CVElist Bug Report Logs: CVE-2020-15250
Debian Bug report logs - #972231 CVE-2020-15250 Package: junit4; Maintainer for junit4 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for junit4 is src:junit4 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 14 Oct 2020 21:21:01 UTC Severity: import ...

Github Repositories

https://github.com/kadamabg/openpdf-1.0.5java7

This modified open source code of openpdf 1.0.5 https://github.com/LibrePDF/OpenPDF/tree/1.0.5

OpenPDF is a Java PDF library, forked from iText OpenPDF is a Java library for creating and editing PDF files with a LGPL and MPL open source license OpenPDF is based on a fork of iText 4 We welcome contributions from other developers Please feel free to submit pull-requests and bugreports to this GitHub repository OpenPDF version 104 released 2017-10-11 Get version

https://github.com/GlenKPeterson/TestUtils

Utilities for testing `.equals()`, `.compareTo()` and `Comparator` Java/Kotlin contracts. Also FakeHttp(Request|Response)

TestUtils Utilities for testing common Java/Kotlin contracts Currently: equals(), hashCode(), and compareTo() I find a bug almost every time I apply these tests to old code Usage is defined in the Javadocs The idea of contract-based testing was from watching Bill Venners: wwwyoutubecom/watch?v=bCTZQi2dpl8 Any bugs are my own This project also includes fake Http

https://github.com/telmajohanns/a5

HBV202GAssignment5 A very simple implementation of a stack for storing integer numbers to be tested using JUnit4 This project is a Maven project, ie it uses the standard Maven project structure that your IDE hopefully understands when you git clone it The provided Maven POM includes the JUnit4 dependency The POM sets the Java version to 17: you may need to downgrade it if

https://github.com/Gunnarbjo/hhofjunit

HBV202GAssignment5 A very simple implementation of a stack for storing integer numbers to be tested using JUnit4 This project is a Maven project, ie it uses the standard Maven project structure that your IDE hopefully understands when you git clone it The provided Maven POM includes the JUnit4 dependency The POM sets the Java version to 17: you may need to downgrade it if

https://github.com/helmutneukirchen/HBV202GAssignment5

University of Iceland course HBV202G template for Assignment 5. Note that the POM includes JUnit 4, version 4.11 which has a vulnerability: it is part of the assignment to update the version.

HBV202GAssignment5 A very simple implementation of a stack for storing integer numbers to be tested using JUnit4 This project is a Maven project, ie it uses the standard Maven project structure that your IDE hopefully understands when you git clone it The provided Maven POM includes the JUnit4 dependency The POM sets the Java version to 17: you may need to downgrade it if

https://github.com/Sveppi/hbv202-ass5

Assignment 5 for HBV202G

HBV202GAssignment5 A very simple implementation of a stack for storing integer numbers to be tested using JUnit4 This project is a Maven project, ie it uses the standard Maven project structure that your IDE hopefully understands when you git clone it The provided Maven POM includes the JUnit4 dependency The POM sets the Java version to 17: you may need to downgrade it if

References

CWE-732https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52aehttps://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pphttps://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.mdhttps://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.htmlhttps://github.com/junit-team/junit4/issues/1676https://lists.debian.org/debian-lts-announce/2020/11/msg00003.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://lists.apache.org/thread.html/r5f8841507576f595bb783ccec6a7cb285ea90d4e6f5043eae0e61a41%40%3Cdev.creadur.apache.org%3Ehttps://lists.apache.org/thread.html/rbaec90e699bc7c7bd9a053f76707a36fda48b6d558f31dc79147dbf9%40%3Cdev.creadur.apache.org%3Ehttps://lists.apache.org/thread.html/r717877028482c55acf604d7a0106af4ca05da4208c708fb157b53672%40%3Ccommits.creadur.apache.org%3Ehttps://lists.apache.org/thread.html/rb2771949c676ca984e58a5cd5ca79c2634dee1945e0406e48e0f8457%40%3Cdev.creadur.apache.org%3Ehttps://lists.apache.org/thread.html/rde385b8b53ed046600ef68dd6b4528dea7566aaddb02c3e702cc28bc%40%3Ccommits.creadur.apache.org%3Ehttps://lists.apache.org/thread.html/rc49cf1547ef6cac1be4b3c92339b2cae0acacf5acaba13cfa429a872%40%3Cdev.creadur.apache.org%3Ehttps://lists.apache.org/thread.html/r500517c23200fb2fdb0b82770a62dd6c88b3521cfb01cfd0c76e3f8b%40%3Cdev.creadur.apache.org%3Ehttps://lists.apache.org/thread.html/r95f8ef60c4b3a5284b647bb3132cda08e6fadad888a66b84f49da0b0%40%3Ccommits.creadur.apache.org%3Ehttps://lists.apache.org/thread.html/ra1bdb9efae84794e8ffa2f8474be8290ba57830eefe9714b95da714b%40%3Cdev.pdfbox.apache.org%3Ehttps://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381%40%3Ccommits.turbine.apache.org%3Ehttps://lists.apache.org/thread.html/raebf13f53cd5d23d990712e3d11c80da9a7bae94a6284050f148ed99%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/r01110833b63616ddbef59ae4e10c0fbd0060f0a51206defd4cb4d917%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/rde8e70b95c992378e8570e4df400c6008a9839eabdfb8f800a3e5af6%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/rdef7d1380c86e7c0edf8a0f89a2a8db86fce5e363457d56b722691b4%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/rdbdd30510a7c4d0908fd22075c02b75bbc2e0d977ec22249ef3133cb%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/rea812d8612fdc46842a2a57248cad4b01ddfdb1e9b037c49e68fdbfb%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/rf797d119cc3f51a8d7c3c5cbe50cb4524c8487282b986edde83a9467%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/reb700e60b9642eafa4b7922bfee80796394135aa09c7a239ef9f7486%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/rf2ec93f4ca9a97d1958eb4a31b1830f723419ce9bf2018a6e5741d5b%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/r30f502d2f79e8d635361adb8108dcbb73095163fcbd776ee7984a094%40%3Ccommits.creadur.apache.org%3Ehttps://lists.apache.org/thread.html/r925eaae7dd8f77dd61eefc49c1fcf54bd9ecfe605486870d7b1e9390%40%3Cpluto-dev.portals.apache.org%3Ehttps://lists.apache.org/thread.html/r29d703d1986d9b871466ff24082a1828ac8ad27bb0965a93a383872e%40%3Cpluto-scm.portals.apache.org%3Ehttps://lists.apache.org/thread.html/r09cfbb5aedd76023691bbce9ca4ce2e16bb07dd37554a17efc19935d%40%3Cpluto-dev.portals.apache.org%3Ehttps://lists.apache.org/thread.html/r2b78f23bc2711a76a7fc73ad67b7fcd6817c5cfccefd6f30a4f54943%40%3Cdev.knox.apache.org%3Ehttps://lists.apache.org/thread.html/rf6e5d894d4b03bef537c9d6641272e0197c047c0d1982b4e176d0353%40%3Cdev.knox.apache.org%3Ehttps://lists.apache.org/thread.html/r687f489b10b0d14e46f626aa88476545e1a2600b24c4ebd3c0d2a10b%40%3Cdev.knox.apache.org%3Ehttps://lists.apache.org/thread.html/r934208a520b38f5cf0cae199b6b076bfe7d081809528b0eff2459e40%40%3Cdev.knox.apache.org%3Ehttps://lists.apache.org/thread.html/r8b02dc6f18df11ff39eedb3038f1e31e6f90a779b1959bae65107279%40%3Cdev.knox.apache.org%3Ehttps://lists.apache.org/thread.html/r9710067c7096b83cb6ae8f53a2f6f94e9c042d1bf1d6929f8f2a2b7a%40%3Ccommits.knox.apache.org%3Ehttps://lists.apache.org/thread.html/r1209986f79359b518d09513ff05a88e5b3c398540e775edea76a4774%40%3Cdev.knox.apache.org%3Ehttps://lists.apache.org/thread.html/r742b44fd75215fc75963b8ecc22b2e4372e68d67d3d859d2b5e8743f%40%3Cdev.knox.apache.org%3Ehttps://lists.apache.org/thread.html/rb2ffe2993f4dccc48d832e1a0f1c419477781b6ea16e725ca2276dbb%40%3Cdev.knox.apache.org%3Ehttps://access.redhat.com/errata/RHSA-2022:5532https://nvd.nist.govhttps://github.com/kadamabg/openpdf-1.0.5java7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook