Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

Published

2020-10-01T20:15:13.033

Last Modified

2024-11-21T04:59:02.170

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-379
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	ant	1.10.8	Yes
Application	gradle	gradle	< 6.8.0	Yes
Operating System	fedoraproject	fedora	31	Yes
Operating System	fedoraproject	fedora	32	Yes
Operating System	fedoraproject	fedora	33	Yes
Application	oracle	agile_engineering_data_management	6.2.1.0	Yes
Application	oracle	api_gateway	11.1.2.4.0	Yes
Application	oracle	banking_platform	2.4.0	Yes
Application	oracle	banking_platform	2.4.1	Yes
Application	oracle	banking_platform	2.6.2	Yes
Application	oracle	banking_platform	2.7.0	Yes
Application	oracle	banking_platform	2.7.1	Yes
Application	oracle	banking_platform	2.8.0	Yes
Application	oracle	banking_treasury_management	14.4	Yes
Application	oracle	communications_unified_inventory_management	7.4.0	Yes
Application	oracle	communications_unified_inventory_management	7.4.1	Yes
Application	oracle	data_integrator	12.2.1.3.0	Yes
Application	oracle	data_integrator	12.2.1.4.0	Yes
Application	oracle	endeca_information_discovery_studio	3.2.0.0	Yes
Application	oracle	enterprise_repository	11.1.1.7.0	Yes
Application	oracle	financial_services_analytical_applications_infrastructure	≤ 8.0.9	Yes
Application	oracle	financial_services_analytical_applications_infrastructure	8.1.0	Yes
Application	oracle	financial_services_analytical_applications_infrastructure	8.1.1	Yes
Application	oracle	flexcube_private_banking	12.0.0	Yes
Application	oracle	flexcube_private_banking	12.1.0	Yes
Application	oracle	primavera_gateway	≤ 16.2.11	Yes
Application	oracle	primavera_gateway	≤ 17.12.9	Yes
Application	oracle	primavera_unifier	≤ 17.12	Yes
Application	oracle	primavera_unifier	16.1	Yes
Application	oracle	primavera_unifier	16.2	Yes
Application	oracle	primavera_unifier	18.8	Yes
Application	oracle	primavera_unifier	19.12	Yes
Application	oracle	primavera_unifier	20.12	Yes
Application	oracle	real-time_decision_server	3.2.0.0	Yes
Application	oracle	real-time_decision_server	11.1.1.9.0	Yes
Application	oracle	retail_advanced_inventory_planning	14.1	Yes
Application	oracle	retail_assortment_planning	16.0.3	Yes
Application	oracle	retail_category_management_planning_\&_optimization	16.0.3	Yes
Application	oracle	retail_eftlink	19.0.1	Yes
Application	oracle	retail_eftlink	20.0.0	Yes
Application	oracle	retail_financial_integration	14.1.3	Yes
Application	oracle	retail_financial_integration	15.0.3	Yes
Application	oracle	retail_financial_integration	16.0.3	Yes
Application	oracle	retail_integration_bus	15.0.3	Yes
Application	oracle	retail_item_planning	16.0.3	Yes
Application	oracle	retail_macro_space_optimization	16.0.3	Yes
Application	oracle	retail_merchandise_financial_planning	16.0.3	Yes
Application	oracle	retail_merchandising_system	14.1.3.2	Yes
Application	oracle	retail_merchandising_system	16.0.3	Yes
Application	oracle	retail_predictive_application_server	14.1	Yes
Application	oracle	retail_regular_price_optimization	16.0.3	Yes
Application	oracle	retail_replenishment_optimization	16.0.3	Yes
Application	oracle	retail_service_backbone	14.1.3	Yes
Application	oracle	retail_service_backbone	15.0.3	Yes
Application	oracle	retail_service_backbone	16.0.3	Yes
Application	oracle	retail_size_profile_optimization	16.0.3	Yes
Application	oracle	retail_store_inventory_management	14.1.3.9	Yes
Application	oracle	retail_store_inventory_management	15.0.3.0	Yes
Application	oracle	retail_store_inventory_management	16.0.3.0	Yes
Application	oracle	retail_xstore_point_of_service	15.0.4	Yes
Application	oracle	retail_xstore_point_of_service	16.0.6	Yes
Application	oracle	retail_xstore_point_of_service	17.0.4	Yes
Application	oracle	retail_xstore_point_of_service	18.0.3	Yes
Application	oracle	retail_xstore_point_of_service	19.0.2	Yes
Application	oracle	storagetek_acsls	8.5.1	Yes
Application	oracle	storagetek_tape_analytics	2.4	Yes
Application	oracle	timesten_in-memory_database	< 11.2.2.8.27	Yes
Application	oracle	utilities_framework	4.3.0.5.0	Yes
Application	oracle	utilities_framework	4.3.0.6.0	Yes
Application	oracle	utilities_framework	4.4.0.0.0	Yes
Application	oracle	utilities_framework	4.4.0.2.0	Yes

References

https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm Third Party Advisory ([email protected])
https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E Mailing List, Vendor Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/ ([email protected])
https://security.gentoo.org/glsa/202011-18 Third Party Advisory ([email protected])
https://www.oracle.com//security-alerts/cpujul2021.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuApr2021.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujan2021.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuoct2021.html Patch, Third Party Advisory ([email protected])
https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202011-18 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com//security-alerts/cpujul2021.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuApr2021.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2021.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2021.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)