7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
55.1%
Severity: Medium
Date : 2020-12-05
CVE-ID : CVE-2020-11979
Package : ant
Type : arbitrary code execution
Remote : No
Link : https://security.archlinux.org/AVG-1312
The package ant before version 1.10.9-1 is vulnerable to arbitrary code
execution.
Upgrade to 1.10.9-1.
The problem has been fixed upstream in version 1.10.9.
The issue can be mitigated by making Ant use a directory that is only
readable and writable by the current user.
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the
permissions of temporary files it created so that only the current user
was allowed to access them. Unfortunately the fixcrlf task deleted the
temporary file and created a new one without said protection,
effectively nullifying the effort. This would still allow an attacker
to inject modified source files into the build process.
A local attacker might be able to execute arbitrary code by injecting
modified source files into the build process at the exact right moment.
https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40<dev.ant.apache.org>
https://security.archlinux.org/CVE-2020-11979
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
55.1%