Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2020-11979

Published: 01/10/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Apache

Vulnerability Summary

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an malicious user to inject modified source files into the build process.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache ant 1.10.8

gradle gradle

fedoraproject fedora 31

fedoraproject fedora 32

fedoraproject fedora 33

oracle flexcube private banking 12.1.0

oracle primavera unifier 16.2

oracle banking platform 2.4.0

oracle flexcube private banking 12.0.0

oracle api gateway 11.1.2.4.0

oracle banking platform 2.4.1

oracle primavera unifier 16.1

oracle enterprise repository 11.1.1.7.0

oracle retail predictive application server 14.1

oracle banking platform 2.6.2

oracle primavera unifier 18.8

oracle data integrator 12.2.1.3.0

oracle primavera unifier

oracle utilities framework 4.3.0.5.0

oracle utilities framework 4.3.0.6.0

oracle utilities framework 4.4.0.0.0

oracle communications unified inventory management 7.4.0

oracle primavera unifier 19.12

oracle utilities framework 4.4.0.2.0

oracle retail advanced inventory planning 14.1

oracle retail merchandising system 16.0.3

oracle banking platform 2.7.0

oracle banking platform 2.7.1

oracle agile engineering data management 6.2.1.0

oracle data integrator 12.2.1.4.0

oracle primavera gateway

oracle retail store inventory management 15.0.3.0

oracle retail store inventory management 16.0.3.0

oracle retail store inventory management 14.1.3.9

oracle retail service backbone 15.0.3

oracle retail service backbone 16.0.3

oracle retail financial integration 15.0.3

oracle retail financial integration 16.0.3

oracle retail financial integration 14.1.3

oracle retail service backbone 14.1.3

oracle retail integration bus 15.0.3

oracle banking platform 2.8.0

oracle primavera unifier 20.12

oracle communications unified inventory management 7.4.1

oracle retail xstore point of service 16.0.6

oracle retail xstore point of service 17.0.4

oracle retail xstore point of service 18.0.3

oracle retail xstore point of service 19.0.2

oracle retail xstore point of service 15.0.4

oracle real-time decision server 3.2.0.0

oracle financial services analytical applications infrastructure 8.1.1

oracle financial services analytical applications infrastructure 8.1.0

oracle financial services analytical applications infrastructure

oracle real-time decision server 11.1.1.9.0

oracle retail eftlink 19.0.1

oracle endeca information discovery studio 3.2.0.0

oracle retail eftlink 20.0.0

oracle banking treasury management 14.4

oracle retail regular price optimization 16.0.3

oracle retail assortment planning 16.0.3

oracle retail size profile optimization 16.0.3

oracle retail replenishment optimization 16.0.3

oracle retail merchandise financial planning 16.0.3

oracle retail macro space optimization 16.0.3

oracle retail item planning 16.0.3

oracle retail category management planning \\& optimization 16.0.3

oracle retail merchandising system 14.1.3.2

oracle timesten in-memory database

oracle storagetek acsls 8.5.1

oracle storagetek tape analytics 2.4

Vendor Advisories

Red Hat: Important: OpenShift Container Platform 4.6.17 security and packages update
Synopsis Important: OpenShift Container Platform 4617 security and packages update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4617 is now available withupdates to packages and images that fix several bugsThis release includes a security update for Red ...
Debian CVElist Bug Report Logs: ant: CVE-2020-11979
Debian Bug report logs - #971612 ant: CVE-2020-11979 Package: src:ant; Maintainer for src:ant is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 3 Oct 2020 05:18:01 UTC Severity: important Tags: security, upstream Found in vers ...
Arch Linux Issues:
As mitigation for CVE-2020-1945 Apache Ant 1108 changed the permissions of temporary files it created so that only the current user was allowed to access them Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort This would still allow an attacker to inject mod ...

References

NVD-CWE-Otherhttps://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3Ehttps://security.gentoo.org/glsa/202011-18https://www.oracle.com/security-alerts/cpujan2021.htmlhttps://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vmhttps://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://www.oracle.com//security-alerts/cpujul2021.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3Ehttps://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3Ehttps://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3Ehttps://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3Ehttps://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3Ehttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3Ehttps://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3Ehttps://access.redhat.com/errata/RHSA-2021:0423https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook