CVE-2020-11979

Опубликовано: 01 окт. 2020

Источник: ubuntu

Приоритет: medium

CVSS2: 5

CVSS3: 7.5

Описание

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	not-affected	1.10.9-1
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	not-affected	1.10.9-1
esm-apps/noble	not-affected	1.10.9-1
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	needs-triage
focal	ignored	end of standard support, was needs-triage
groovy	ignored	end of life

Показывать по

Ссылки на источники

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2020-11979

CVSS3: 6.2

redhat

больше 5 лет назад

CVE-2020-11979

CVSS3: 7.5

nvd

больше 5 лет назад

CVE-2020-11979

CVSS3: 7.5

msrc

больше 5 лет назад

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

CVE-2020-11979

CVSS3: 7.5

debian

больше 5 лет назад

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissi ...

GHSA-f62v-xpxf-3v68

CVSS3: 7.5

github

около 5 лет назад

Code injection in Apache Ant

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2020-11979

Описание

Пакет ant

Ссылки на источники

Связанные уязвимости