7.5
CVE-2020-11979
- EPSS 0.61%
- Published 01.10.2020 20:15:13
- Last modified 21.11.2024 04:59:02
- Source security@apache.org
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
Data provided by the National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version 31
Fedoraproject ≫ Fedora Version 32
Fedoraproject ≫ Fedora Version 33
Oracle ≫ Agile Engineering Data Management Version 6.2.1.0
Oracle ≫ Api Gateway Version 11.1.2.4.0
Oracle ≫ Banking Platform Version 2.4.0
Oracle ≫ Banking Platform Version 2.4.1
Oracle ≫ Banking Platform Version 2.6.2
Oracle ≫ Banking Platform Version 2.7.0
Oracle ≫ Banking Platform Version 2.7.1
Oracle ≫ Banking Platform Version 2.8.0
Oracle ≫ Banking Treasury Management Version 14.4
Oracle ≫ Communications Unified Inventory Management Version 7.4.0
Oracle ≫ Communications Unified Inventory Management Version 7.4.1
Oracle ≫ Data Integrator Version 12.2.1.3.0
Oracle ≫ Data Integrator Version 12.2.1.4.0
Oracle ≫ Endeca Information Discovery Studio Version 3.2.0.0
Oracle ≫ Enterprise Repository Version 11.1.1.7.0
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.6 <= 8.0.9
Oracle ≫ Financial Services Analytical Applications Infrastructure Version 8.1.0
Oracle ≫ Financial Services Analytical Applications Infrastructure Version 8.1.1
Oracle ≫ Flexcube Private Banking Version 12.0.0
Oracle ≫ Flexcube Private Banking Version 12.1.0
Oracle ≫ Primavera Gateway Version >= 16.2.0 <= 16.2.11
Oracle ≫ Primavera Gateway Version >= 17.12.0 <= 17.12.9
Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12
Oracle ≫ Primavera Unifier Version 16.1
Oracle ≫ Primavera Unifier Version 16.2
Oracle ≫ Primavera Unifier Version 18.8
Oracle ≫ Primavera Unifier Version 19.12
Oracle ≫ Primavera Unifier Version 20.12
Oracle ≫ Real-time Decision Server Version 3.2.0.0
Oracle ≫ Real-time Decision Server Version 11.1.1.9.0
Oracle ≫ Retail Advanced Inventory Planning Version 14.1
Oracle ≫ Retail Assortment Planning Version 16.0.3
Oracle ≫ Retail Category Management Planning & Optimization Version 16.0.3
Oracle ≫ Retail Eftlink Version 19.0.1
Oracle ≫ Retail Eftlink Version 20.0.0
Oracle ≫ Retail Financial Integration Version 14.1.3
Oracle ≫ Retail Financial Integration Version 15.0.3
Oracle ≫ Retail Financial Integration Version 16.0.3
Oracle ≫ Retail Integration Bus Version 15.0.3
Oracle ≫ Retail Item Planning Version 16.0.3
Oracle ≫ Retail Macro Space Optimization Version 16.0.3
Oracle ≫ Retail Merchandise Financial Planning Version 16.0.3
Oracle ≫ Retail Merchandising System Version 14.1.3.2
Oracle ≫ Retail Merchandising System Version 16.0.3
Oracle ≫ Retail Predictive Application Server Version 14.1
Oracle ≫ Retail Regular Price Optimization Version 16.0.3
Oracle ≫ Retail Replenishment Optimization Version 16.0.3
Oracle ≫ Retail Service Backbone Version 14.1.3
Oracle ≫ Retail Service Backbone Version 15.0.3
Oracle ≫ Retail Service Backbone Version 16.0.3
Oracle ≫ Retail Size Profile Optimization Version 16.0.3
Oracle ≫ Retail Store Inventory Management Version 14.1.3.9
Oracle ≫ Retail Store Inventory Management Version 15.0.3.0
Oracle ≫ Retail Store Inventory Management Version 16.0.3.0
Oracle ≫ Retail Xstore Point Of Service Version 15.0.4
Oracle ≫ Retail Xstore Point Of Service Version 16.0.6
Oracle ≫ Retail Xstore Point Of Service Version 17.0.4
Oracle ≫ Retail Xstore Point Of Service Version 18.0.3
Oracle ≫ Retail Xstore Point Of Service Version 19.0.2
Oracle ≫ Storagetek Acsls Version 8.5.1
Oracle ≫ Storagetek Tape Analytics Version 2.4
Oracle ≫ Timesten In-memory Database Version < 11.2.2.8.27
Oracle ≫ Utilities Framework Version 4.3.0.5.0
Oracle ≫ Utilities Framework Version 4.3.0.6.0
Oracle ≫ Utilities Framework Version 4.4.0.0.0
Oracle ≫ Utilities Framework Version 4.4.0.2.0
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.61% | 0.689 |

Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:P/A:N |
CWE-379 Creation of Temporary File in Directory with Insecure Permissions
The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.