5 matches found
BIT-GRADLE-2020-11979
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...
Security Bulletin: Apache Ant Vulnerabilities Affect IBM Control Center (CVE-2020-1945, CVE-2020-11979)
Summary: Apache Ant could allow a remote attacker to bypass security restrictions. Vulnerability Details: CVEID: CVE-2020-1945. DESCRIPTION: Apache Ant could allow a remote attacker to bypass security restrictions, caused by the use of an insecure temporary directory to store source files. By sendin...
Security Bulletin: Vulnerability in Apache Ant affect IBM Operations Analytics - Log Analysis Analysis (CVE-2020-1945)
Summary: A vulnerability in Apache Ant which could potentially leak sensitive information was addressed by IBM Operations Analytics - Log Analysis. Vulnerability Details: CVEID: CVE-2020-1945. DESCRIPTION: Apache Ant could allow a remote attacker to bypass security restrictions, caused by the use of...
CVE-2020-11979
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...
CVE-2020-1945
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...