CVE-2020-11986

EPSS 2.25%
Published 09.09.2020 16:15:11
Last modified 21.11.2024 04:59:03
Source security@apache.org
Teams watchlist Login
Open Login

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis of the project at load time. This in turn will run potentially malicious code, from an external source, without the consent of the user.

Affected products Warnungen 0 Metrics 3 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Netbeans Version <= 12.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.25%	0.83

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

https://lists.apache.org/thread.html/r0fb2ba21a0469f64c2dff945dbe68f7b1122e1bff2b2b46271682406%40%3Cnotifications.netbeans.apache.org%3E

https://lists.apache.org/thread.html/ra81cdcf325bf4ea085c178f95ed6b50d4f1c095be50577b2f9b88984%40%3Cnotifications.netbeans.apache.org%3E

https://lists.apache.org/thread.html/rbb8ea1b684e73107a0a6a30245ad6112bec2e6e171368c808e69217e%40%3Cannounce.netbeans.apache.org%3E

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2020-11986

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11986

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11986

EUVD