History: May 14, 2020 - 4:15 p.m.

CVE-2020-1945

2020-05-14 16:15:12
CWE-668
apache
web.nvd.nist.gov
cve-2020-1945
apache ant
information leak
source code injection
security vulnerability

CVSS2: 3.3

Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

CVSS3: 6.3

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score: 6.8
Confidence: High

EPSS: 0.001
Percentile: 32.8%

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree, allowing an attacker to inject modified source files into the build process.

Affected configurations

Entries within a node are alternatives (OR).

Vendor | Product | Type | Version(s)

Node
apache | ant | Range | 1.1 to 1.9.14
apache | ant | Range | 1.10.0 to 1.10.7

Node
canonical | ubuntu_linux | Match | 19.10

Node
fedoraproject | fedora | Match | 31
fedoraproject | fedora | Match | 32

Node
opensuse | leap | Match | 15.2

Node
oracle | agile_engineering_data_management | Match | 6.2.1.0
oracle | banking_enterprise_collections | Range | 2.7.0 to 2.9.0
oracle | banking_liquidity_management | Range | 14.0.0 to 14.4.0
oracle | banking_platform | Range | 2.4.0 to 2.9.0
oracle | business_process_management_suite | Match | 12.2.1.3.0
oracle | business_process_management_suite | Match | 12.2.1.4.0
oracle | category_management_planning_\&_optimization | Match | 15.0.3
oracle | communications_asap | Match | 7.3
oracle | communications_diameter_signaling_router | Range | 8.0.0 to 8.2.2
oracle | communications_metasolv_solution | Match | 6.3.0
oracle | communications_order_and_service_management | Match | 7.3
oracle | communications_order_and_service_management | Match | 7.4
oracle | data_integrator | Match | 12.2.1.3.0
oracle | data_integrator | Match | 12.2.1.4.0
oracle | endeca_information_discovery_studio | Match | 3.2.0
oracle | enterprise_manager_ops_center | Match | 12.4.0.0
oracle | enterprise_repository | Match | 11.1.1.7.0
oracle | financial_services_analytical_applications_infrastructure | Range | 8.0.6 to 8.1.0
oracle | flexcube_investor_servicing | Match | 12.1.0
oracle | flexcube_investor_servicing | Match | 12.3.0
oracle | flexcube_investor_servicing | Match | 12.4.0
oracle | flexcube_investor_servicing | Match | 14.0.0
oracle | flexcube_investor_servicing | Match | 14.1.0
oracle | flexcube_private_banking | Match | 12.0.0
oracle | flexcube_private_banking | Match | 12.1.0
oracle | health_sciences_information_manager | Range | 3.0 to 3.0.2
oracle | primavera_gateway | Range | 16.2.0 to 16.2.11
oracle | primavera_gateway | Range | 17.12.0 to 17.12.7
oracle | primavera_unifier | Range | 17.7 to 17.12
oracle | primavera_unifier | Match | 16.1
oracle | primavera_unifier | Match | 16.2
oracle | primavera_unifier | Match | 18.8
oracle | primavera_unifier | Match | 19.12
oracle | rapid_planning | Match | 12.1
oracle | rapid_planning | Match | 12.2
oracle | real-time_decision_server | Match | 3.2.1.0
oracle | retail_advanced_inventory_planning | Match | 14.1
oracle | retail_advanced_inventory_planning | Match | 15.0
oracle | retail_advanced_inventory_planning | Match | 16.0
oracle | retail_assortment_planning | Match | 15.0.3
oracle | retail_assortment_planning | Match | 16.0.3
oracle | retail_back_office | Match | 14.0
oracle | retail_back_office | Match | 14.1
oracle | retail_bulk_data_integration | Match | 15.0
oracle | retail_bulk_data_integration | Match | 16.0
oracle | retail_bulk_data_integration | Match | 16.0.3.0
oracle | retail_bulk_data_integration | Match | 19.0.1
oracle | retail_central_office | Match | 14.0
oracle | retail_central_office | Match | 14.1
oracle | retail_data_extractor_for_merchandising | Match | 1.9
oracle | retail_data_extractor_for_merchandising | Match | 1.10
oracle | retail_extract_transform_and_load | Match | 13.2.5
oracle | retail_extract_transform_and_load | Match | 13.2.8
oracle | retail_financial_integration | Match | 14.1.3.2
oracle | retail_financial_integration | Match | 15.0
oracle | retail_financial_integration | Match | 15.0.4.0
oracle | retail_financial_integration | Match | 16.0
oracle | retail_financial_integration | Match | 16.0.3.0
oracle | retail_integration_bus | Match | 14.1
oracle | retail_integration_bus | Match | 14.1.3.2
oracle | retail_integration_bus | Match | 15.0
oracle | retail_integration_bus | Match | 15.0.4.0
oracle | retail_integration_bus | Match | 16.0
oracle | retail_integration_bus | Match | 16.0.3.0
oracle | retail_integration_bus | Match | 19.0.1.0
oracle | retail_item_planning | Match | 15.0.3
oracle | retail_macro_space_optimization | Match | 15.0.3
oracle | retail_merchandise_financial_planning | Match | 15.0.3
oracle | retail_merchandising_system | Match | 19.0.1
oracle | retail_point-of-service | Match | 14.0
oracle | retail_point-of-service | Match | 14.1
oracle | retail_point-of-service | Match | 15.0
oracle | retail_point-of-service | Match | 16.0
oracle | retail_predictive_application_server | Match | 14.0.3
oracle | retail_predictive_application_server | Match | 14.1.3
oracle | retail_predictive_application_server | Match | 15.0.3
oracle | retail_predictive_application_server | Match | 16.0.3
oracle | retail_predictive_application_server | Match | 16.0.3.0
oracle | retail_regular_price_optimization | Match | 15.0.3
oracle | retail_regular_price_optimization | Match | 16.0.3
oracle | retail_replenishment_optimization | Match | 15.0.3
oracle | retail_returns_management | Match | 14.0
oracle | retail_returns_management | Match | 14.1
oracle | retail_service_backbone | Match | 14.1.3.2
oracle | retail_service_backbone | Match | 15.0
oracle | retail_service_backbone | Match | 15.0.4.0
oracle | retail_service_backbone | Match | 16.0
oracle | retail_service_backbone | Match | 16.0.3.0
oracle | retail_service_backbone | Match | 19.0.1.0
oracle | retail_size_profile_optimization | Match | 15.0.3
oracle | retail_size_profile_optimization | Match | 16.0.3
oracle | retail_store_inventory_management | Match | 14.0.4
oracle | retail_store_inventory_management | Match | 14.1
oracle | retail_store_inventory_management | Match | 14.1.3
oracle | retail_store_inventory_management | Match | 15.0
oracle | retail_store_inventory_management | Match | 15.0.3
oracle | retail_store_inventory_management | Match | 16.0
oracle | retail_store_inventory_management | Match | 16.0.3
oracle | retail_xstore_point_of_service | Match | 15.0.4
oracle | retail_xstore_point_of_service | Match | 16.0.6
oracle | retail_xstore_point_of_service | Match | 17.0.4
oracle | retail_xstore_point_of_service | Match | 18.0.3
oracle | retail_xstore_point_of_service | Match | 19.0.2
oracle | timesten_in-memory_database | Range | < 11.2.2.8.27
oracle | timesten_in-memory_database | Match | 11.2.2.8.49
oracle | utilities_framework | Range | 4.3.0.1.0 to 4.3.0.6.0
oracle | utilities_framework | Match | 2.2.0.0.0
oracle | utilities_framework | Match | 4.2.0.2.0
oracle | utilities_framework | Match | 4.2.0.3.0
oracle | utilities_framework | Match | 4.4.0.0.0
oracle | utilities_framework | Match | 4.4.0.2.0

Vendor | Product | Version | CPE
apache | ant | * | cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*
canonical | ubuntu_linux | 19.10 | cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
fedoraproject | fedora | 31 | cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
fedoraproject | fedora | 32 | cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
opensuse | leap | 15.2 | cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
oracle | agile_engineering_data_management | 6.2.1.0 | cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
oracle | banking_enterprise_collections | * | cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*
oracle | banking_liquidity_management | * | cpe:2.3:a:oracle:banking_liquidity_management:*:*:*:*:*:*:*:*
oracle | banking_platform | * | cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
oracle | business_process_management_suite | 12.2.1.3.0 | cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Apache Ant",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7"
      }
    ]
  }
]
