Lucene search

[email protected]NVD:CVE-2020-11979

HistoryOct 01, 2020 - 8:15 p.m.

CVE-2020-11979

2020-10-0120:15:13

CWE-379

[email protected]

web.nvd.nist.gov

apache ant

cve-2020-11979

fixcrlf task

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

58.7%

JSON

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

Affected configurations

Nvd

Node

apacheantMatch1.10.8

Node

gradlegradleRange<6.8.0

Node

fedoraprojectfedoraMatch31

fedoraprojectfedoraMatch32

fedoraprojectfedoraMatch33

Node

oracleagile_engineering_data_managementMatch6.2.1.0

oracleapi_gatewayMatch11.1.2.4.0

oraclebanking_platformMatch2.4.0

oraclebanking_platformMatch2.4.1

oraclebanking_platformMatch2.6.2

oraclebanking_platformMatch2.7.0

oraclebanking_platformMatch2.7.1

oraclebanking_platformMatch2.8.0

oraclebanking_treasury_managementMatch14.4

oraclecommunications_unified_inventory_managementMatch7.4.0

oraclecommunications_unified_inventory_managementMatch7.4.1

oracledata_integratorMatch12.2.1.3.0

oracledata_integratorMatch12.2.1.4.0

oracleendeca_information_discovery_studioMatch3.2.0.0

oracleenterprise_repositoryMatch11.1.1.7.0

oraclefinancial_services_analytical_applications_infrastructureRange8.0.6–8.0.9

oraclefinancial_services_analytical_applications_infrastructureMatch8.1.0

oraclefinancial_services_analytical_applications_infrastructureMatch8.1.1

oracleflexcube_private_bankingMatch12.0.0

oracleflexcube_private_bankingMatch12.1.0

oracleprimavera_gatewayRange16.2.0–16.2.11

oracleprimavera_gatewayRange17.12.0–17.12.9

oracleprimavera_unifierRange17.7–17.12

oracleprimavera_unifierMatch16.1

oracleprimavera_unifierMatch16.2

oracleprimavera_unifierMatch18.8

oracleprimavera_unifierMatch19.12

oracleprimavera_unifierMatch20.12

oraclereal-time_decision_serverMatch3.2.0.0

oraclereal-time_decision_serverMatch11.1.1.9.0

oracleretail_advanced_inventory_planningMatch14.1

oracleretail_assortment_planningMatch16.0.3

oracleretail_category_management_planning_\&_optimizationMatch16.0.3

oracleretail_eftlinkMatch19.0.1

oracleretail_eftlinkMatch20.0.0

oracleretail_financial_integrationMatch14.1.3

oracleretail_financial_integrationMatch15.0.3

oracleretail_financial_integrationMatch16.0.3

oracleretail_integration_busMatch15.0.3

oracleretail_item_planningMatch16.0.3

oracleretail_macro_space_optimizationMatch16.0.3

oracleretail_merchandise_financial_planningMatch16.0.3

oracleretail_merchandising_systemMatch14.1.3.2

oracleretail_merchandising_systemMatch16.0.3

oracleretail_predictive_application_serverMatch14.1

oracleretail_regular_price_optimizationMatch16.0.3

oracleretail_replenishment_optimizationMatch16.0.3

oracleretail_service_backboneMatch14.1.3

oracleretail_service_backboneMatch15.0.3

oracleretail_service_backboneMatch16.0.3

oracleretail_size_profile_optimizationMatch16.0.3

oracleretail_store_inventory_managementMatch14.1.3.9

oracleretail_store_inventory_managementMatch15.0.3.0

oracleretail_store_inventory_managementMatch16.0.3.0

oracleretail_xstore_point_of_serviceMatch15.0.4

oracleretail_xstore_point_of_serviceMatch16.0.6

oracleretail_xstore_point_of_serviceMatch17.0.4

oracleretail_xstore_point_of_serviceMatch18.0.3

oracleretail_xstore_point_of_serviceMatch19.0.2

oraclestoragetek_acslsMatch8.5.1

oraclestoragetek_tape_analyticsMatch2.4

oracletimesten_in-memory_databaseRange<11.2.2.8.27

oracleutilities_frameworkMatch4.3.0.5.0

oracleutilities_frameworkMatch4.3.0.6.0

oracleutilities_frameworkMatch4.4.0.0.0

oracleutilities_frameworkMatch4.4.0.2.0

VendorProductVersionCPE
apacheant1.10.8cpe:2.3:a:apache:ant:1.10.8:*:*:*:*:*:*:*
gradlegradle*cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*
fedoraprojectfedora31cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
fedoraprojectfedora32cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
oracleagile_engineering_data_management6.2.1.0cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
oracleapi_gateway11.1.2.4.0cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
oraclebanking_platform2.4.0cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*
oraclebanking_platform2.4.1cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*
oraclebanking_platform2.6.2cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	ant	1.10.8	cpe:2.3:a:apache:ant:1.10.8:::::::*
gradle	gradle	*	cpe:2.3:a:gradle:gradle::::::::
fedoraproject	fedora	31	cpe:2.3:o:fedoraproject:fedora:31:::::::*
fedoraproject	fedora	32	cpe:2.3:o:fedoraproject:fedora:32:::::::*
fedoraproject	fedora	33	cpe:2.3:o:fedoraproject:fedora:33:::::::*
oracle	agile_engineering_data_management	6.2.1.0	cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
oracle	api_gateway	11.1.2.4.0	cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:::::::*
oracle	banking_platform	2.4.0	cpe:2.3:a:oracle:banking_platform:2.4.0:::::::*
oracle	banking_platform	2.4.1	cpe:2.3:a:oracle:banking_platform:2.4.1:::::::*
oracle	banking_platform	2.6.2	cpe:2.3:a:oracle:banking_platform:2.6.2:::::::*

Rows per page:

1-10 of 701

References

github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm

lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E

lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E

lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E

lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E

lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E

lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E

lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E

lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/

security.gentoo.org/glsa/202011-18

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujan2021.html

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpuoct2021.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

58.7%

JSON

Related for NVD:CVE-2020-11979