As mitigation for CVE-2020-1945, Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately, the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
History
12 May 2022, 14:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:storagetek_tape_analytics:2.4:*:*:*:*:*:*:* | |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
01 Mar 2022, 20:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
07 Dec 2021, 19:56
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/ - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/ - Mailing List, Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E - Mailing List, Patch, Vendor Advisory |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
20 Jul 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E - Mailing List, Vendor Advisory |
21 Jun 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2020-10-01 20:15
Updated : 2024-02-04 21:23
NVD link : CVE-2020-11979
Mitre link : CVE-2020-11979
CVE.ORG link : CVE-2020-11979
Products Affected
oracle
- banking_platform
- retail_service_backbone
- primavera_unifier
- retail_macro_space_optimization
- timesten_in-memory_database
- retail_item_planning
- api_gateway
- retail_predictive_application_server
- retail_regular_price_optimization
- banking_treasury_management
- retail_xstore_point_of_service
- communications_unified_inventory_management
- flexcube_private_banking
- retail_assortment_planning
- retail_financial_integration
- retail_merchandise_financial_planning
- enterprise_repository
- retail_category_management_planning_\&_optimization
- financial_services_analytical_applications_infrastructure
- primavera_gateway
- endeca_information_discovery_studio
- retail_eftlink
- retail_integration_bus
- data_integrator
- retail_merchandising_system
- real-time_decision_server
- retail_store_inventory_management
- utilities_framework
- retail_replenishment_optimization
- retail_advanced_inventory_planning
- agile_engineering_data_management
- retail_size_profile_optimization
- storagetek_acsls
- storagetek_tape_analytics
fedoraproject
- fedora
gradle
- gradle
apache
- ant