CVE-2020-11979

CVSSv4: NA | CVSSv3: 7.5 | CVSSv2: 5 | VMScore: 850 | EPSS: 0.00238 | KEV: Not Included
Published: 01/10/2020 Updated: 21/11/2024

Vulnerability Summary

As mitigation for CVE-2020-1945, Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately, the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow a malicious user to inject modified source files into the build process.

Vulnerable Products

apache ant 1.10.8
gradle gradle
fedoraproject fedora 31
fedoraproject fedora 32
fedoraproject fedora 33
oracle agile engineering data management 6.2.1.0
oracle api gateway 11.1.2.4.0
oracle banking platform 2.4.0
oracle banking platform 2.4.1
oracle banking platform 2.6.2
oracle banking platform 2.7.0
oracle banking platform 2.7.1
oracle banking platform 2.8.0
oracle banking treasury management 14.4
oracle communications unified inventory management 7.4.0
oracle communications unified inventory management 7.4.1
oracle data integrator 12.2.1.3.0
oracle data integrator 12.2.1.4.0
oracle endeca information discovery studio 3.2.0.0
oracle enterprise repository 11.1.1.7.0
oracle financial services analytical applications infrastructure
oracle financial services analytical applications infrastructure 8.1.0
oracle financial services analytical applications infrastructure 8.1.1
oracle flexcube private banking 12.0.0
oracle flexcube private banking 12.1.0
oracle primavera gateway
oracle primavera unifier
oracle primavera unifier 16.1
oracle primavera unifier 16.2
oracle primavera unifier 18.8
oracle primavera unifier 19.12
oracle primavera unifier 20.12
oracle real-time decision server 3.2.0.0
oracle real-time decision server 11.1.1.9.0
oracle retail advanced inventory planning 14.1
oracle retail assortment planning 16.0.3
oracle retail category management planning & optimization 16.0.3
oracle retail eftlink 19.0.1
oracle retail eftlink 20.0.0
oracle retail financial integration 14.1.3
oracle retail financial integration 15.0.3
oracle retail financial integration 16.0.3
oracle retail integration bus 15.0.3
oracle retail item planning 16.0.3
oracle retail macro space optimization 16.0.3
oracle retail merchandise financial planning 16.0.3
oracle retail merchandising system 14.1.3.2
oracle retail merchandising system 16.0.3
oracle retail predictive application server 14.1
oracle retail regular price optimization 16.0.3
oracle retail replenishment optimization 16.0.3
oracle retail service backbone 14.1.3
oracle retail service backbone 15.0.3
oracle retail service backbone 16.0.3
oracle retail size profile optimization 16.0.3
oracle retail store inventory management 14.1.3.9
oracle retail store inventory management 15.0.3.0
oracle retail store inventory management 16.0.3.0
oracle retail xstore point of service 15.0.4
oracle retail xstore point of service 16.0.6
oracle retail xstore point of service 17.0.4
oracle retail xstore point of service 18.0.3
oracle retail xstore point of service 19.0.2
oracle storagetek acsls 8.5.1
oracle storagetek tape analytics 2.4
oracle timesten in-memory database
oracle utilities framework 4.3.0.5.0
oracle utilities framework 4.3.0.6.0
oracle utilities framework 4.4.0.0.0
oracle utilities framework 4.4.0.2.0

Vendor Advisories

Synopsis: Important: OpenShift Container Platform 4.6.17 security and packages update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4.6.17 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red ...
Debian Bug report logs - #971612 ant: CVE-2020-11979. Package: src:ant; Maintainer for src:ant is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 3 Oct 2020 05:18:01 UTC; Severity: important; Tags: security, upstream; Found in vers ...
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject mod ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2020-11979: Apache Ant insecure temporary file vulnerability. Severity: Medium. Vendor: The Apache Software Foundation. Versions Affected: Apache Ant 1.10.8. Description: As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the curren ...

Github Repositories

Briefly summarize your client, Artemis Financial, and its software requirements. Who was the client? What issue did the company want you to address? The client, Artemis Financial, is a financial services provider that handles sensitive client data, including savings plans, retirement details, investments, and insurance. The company required a secure software application to prot

References

CWE-379
NVD-CWE-Other
https://access.redhat.com/errata/RHSA-2021:0423
https://nvd.nist.gov
https://www.first.org/epss
https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm
https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/
https://security.gentoo.org/glsa/202011-18
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html