Lucene search

K
cvelistApacheCVELIST:CVE-2020-11979
HistoryOct 01, 2020 - 7:24 p.m.

CVE-2020-11979

2020-10-0119:24:57
CWE-379
apache
www.cve.org
13
apache ant
cve-2020-11979
vulnerability
mitigation

AI Score

7

Confidence

High

EPSS

0.002

Percentile

58.7%

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

CNA Affected

[
  {
    "product": "Apache Ant",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Ant 1.10.8"
      }
    ]
  }
]

References