Versio.io

CVE-2020-11979

Common vulnerabilities & exposures (CVE)

Published at: 01-10-2020 10:15
Last modified: 12-05-2022 04:43
Total changes: 15

Description

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

Common Vulnerability Scoring System (CVSS)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Base score: 7.5
Exploitability score: 3.9
Impact score: 3.6

Verification logic

OR
OR
vendor=apache AND product=ant AND version=1.10.8
OR
vendor=gradle AND product=gradle AND versionEndExcluding=6.8.0
OR
vendor=fedoraproject AND product=fedora AND version=31
vendor=fedoraproject AND product=fedora AND version=32
vendor=fedoraproject AND product=fedora AND version=33
OR
vendor=oracle AND product=flexcube_private_banking AND version=12.1.0
vendor=oracle AND product=primavera_unifier AND version=16.2
vendor=oracle AND product=banking_platform AND version=2.4.0
vendor=oracle AND product=flexcube_private_banking AND version=12.0.0
vendor=oracle AND product=api_gateway AND version=11.1.2.4.0
vendor=oracle AND product=banking_platform AND version=2.4.1
vendor=oracle AND product=primavera_unifier AND version=16.1
vendor=oracle AND product=enterprise_repository AND version=11.1.1.7.0
vendor=oracle AND product=retail_predictive_application_server AND version=14.1
vendor=oracle AND product=banking_platform AND version=2.6.2
vendor=oracle AND product=agile_engineering_data_management AND version=6.2.1.0
vendor=oracle AND product=banking_platform AND version=2.7.0
vendor=oracle AND product=banking_platform AND version=2.7.1
vendor=oracle AND product=communications_unified_inventory_management AND version=7.4.0
vendor=oracle AND product=data_integrator AND version=12.2.1.3.0
vendor=oracle AND product=data_integrator AND version=12.2.1.4.0
vendor=oracle AND product=primavera_gateway AND versionEndIncluding=16.2.11 AND versionStartIncluding=16.2.0
vendor=oracle AND product=primavera_unifier AND versionEndIncluding=17.12 AND versionStartIncluding=17.7
vendor=oracle AND product=primavera_unifier AND version=18.8
vendor=oracle AND product=primavera_unifier AND version=19.12
vendor=oracle AND product=retail_advanced_inventory_planning AND version=14.1
vendor=oracle AND product=retail_merchandising_system AND version=16.0.3
vendor=oracle AND product=retail_service_backbone AND version=15.0.3
vendor=oracle AND product=retail_store_inventory_management AND version=14.1.3.9
vendor=oracle AND product=retail_store_inventory_management AND version=15.0.3.0
vendor=oracle AND product=retail_store_inventory_management AND version=16.0.3.0
vendor=oracle AND product=utilities_framework AND version=4.3.0.5.0
vendor=oracle AND product=utilities_framework AND version=4.3.0.6.0
vendor=oracle AND product=utilities_framework AND version=4.4.0.0.0
vendor=oracle AND product=utilities_framework AND version=4.4.0.2.0
vendor=oracle AND product=banking_platform AND version=2.8.0
vendor=oracle AND product=banking_treasury_management AND version=14.4
vendor=oracle AND product=communications_unified_inventory_management AND version=7.4.1
vendor=oracle AND product=endeca_information_discovery_studio AND version=3.2.0.0
vendor=oracle AND product=financial_services_analytical_applications_infrastructure AND versionEndIncluding=8.0.9 AND versionStartIncluding=8.0.6
vendor=oracle AND product=financial_services_analytical_applications_infrastructure AND version=8.1.0
vendor=oracle AND product=financial_services_analytical_applications_infrastructure AND version=8.1.1
vendor=oracle AND product=primavera_gateway AND versionEndIncluding=17.12.9 AND versionStartIncluding=17.12.0
vendor=oracle AND product=primavera_unifier AND version=20.12
vendor=oracle AND product=real-time_decision_server AND version=3.2.0.0
vendor=oracle AND product=real-time_decision_server AND version=11.1.1.9.0
vendor=oracle AND product=retail_assortment_planning AND version=16.0.3
vendor=oracle AND product=retail_category_management_planning_\&_optimization AND version=16.0.3
vendor=oracle AND product=retail_eftlink AND version=19.0.1
vendor=oracle AND product=retail_eftlink AND version=20.0.0
vendor=oracle AND product=retail_financial_integration AND version=14.1.3
vendor=oracle AND product=retail_financial_integration AND version=15.0.3
vendor=oracle AND product=retail_financial_integration AND version=16.0.3
vendor=oracle AND product=retail_integration_bus AND version=15.0.3
vendor=oracle AND product=retail_item_planning AND version=16.0.3
vendor=oracle AND product=retail_macro_space_optimization AND version=16.0.3
vendor=oracle AND product=retail_merchandise_financial_planning AND version=16.0.3
vendor=oracle AND product=retail_merchandising_system AND version=14.1.3.2
vendor=oracle AND product=retail_regular_price_optimization AND version=16.0.3
vendor=oracle AND product=retail_replenishment_optimization AND version=16.0.3
vendor=oracle AND product=retail_service_backbone AND version=14.1.3
vendor=oracle AND product=retail_service_backbone AND version=16.0.3
vendor=oracle AND product=retail_size_profile_optimization AND version=16.0.3
vendor=oracle AND product=retail_xstore_point_of_service AND version=15.0.4
vendor=oracle AND product=retail_xstore_point_of_service AND version=16.0.6
vendor=oracle AND product=retail_xstore_point_of_service AND version=17.0.4
vendor=oracle AND product=retail_xstore_point_of_service AND version=18.0.3
vendor=oracle AND product=retail_xstore_point_of_service AND version=19.0.2
vendor=oracle AND product=storagetek_acsls AND version=8.5.1
vendor=oracle AND product=storagetek_tape_analytics AND version=2.4
vendor=oracle AND product=timesten_in-memory_database AND versionEndExcluding=11.2.2.8.27
 

Keywords

NVD, CVE-2020-11979, CVE, Common vulnerabilities & exposures, CVSS, Common vulnerability scoring system, Security, Vulnerabilities, Exposures
