Is CVE-2020-11979 actively exploited?

CVE-2020-11979 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2020-11979?

CVE-2020-11979 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

How do I patch CVE-2020-11979?

Patch guidance is available from apache security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2020-11979.

Fix CVE-2020-11979 - HIGH apache ant

Q: Which products are affected by CVE-2020-11979?

71 products: apache ant, gradle gradle, fedoraproject fedora, fedoraproject fedora, fedoraproject fedora, and 66 more.

Description

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
Weaknesses: CWE-379NVD-CWE-Other

Metadata

Primary Vendor: APACHE
Published: 10/1/2020
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

apache : antgradle : gradlefedoraproject : fedorafedoraproject : fedorafedoraproject : fedoraoracle : agile_engineering_data_managementoracle : api_gatewayoracle : banking_platformoracle : banking_platformoracle : banking_platformoracle : banking_platformoracle : banking_platformoracle : banking_platformoracle : banking_treasury_managementoracle : communications_unified_inventory_managementoracle : communications_unified_inventory_managementoracle : data_integratororacle : data_integratororacle : endeca_information_discovery_studiooracle : enterprise_repositoryoracle : financial_services_analytical_applications_infrastructureoracle : financial_services_analytical_applications_infrastructureoracle : financial_services_analytical_applications_infrastructureoracle : flexcube_private_bankingoracle : flexcube_private_bankingoracle : primavera_gatewayoracle : primavera_gatewayoracle : primavera_unifieroracle : primavera_unifieroracle : primavera_unifieroracle : primavera_unifieroracle : primavera_unifieroracle : primavera_unifieroracle : real-time_decision_serveroracle : real-time_decision_serveroracle : retail_advanced_inventory_planningoracle : retail_assortment_planningoracle : retail_category_management_planning_\&_optimizationoracle : retail_eftlinkoracle : retail_eftlinkoracle : retail_financial_integrationoracle : retail_financial_integrationoracle : retail_financial_integrationoracle : retail_integration_busoracle : retail_item_planningoracle : retail_macro_space_optimizationoracle : retail_merchandise_financial_planningoracle : retail_merchandising_systemoracle : retail_merchandising_systemoracle : retail_predictive_application_serveroracle : retail_regular_price_optimizationoracle : retail_replenishment_optimizationoracle : retail_service_backboneoracle : retail_service_backboneoracle : retail_service_backboneoracle : retail_size_profile_optimizationoracle : retail_store_inventory_managementoracle : retail_store_inventory_managementoracle : retail_store_inventory_managementoracle : retail_xstore_point_of_serviceoracle : retail_xstore_point_of_serviceoracle : retail_xstore_point_of_serviceoracle : retail_xstore_point_of_serviceoracle : retail_xstore_point_of_serviceoracle : storagetek_acslsoracle : storagetek_tape_analyticsoracle : timesten_in-memory_databaseoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_framework

Remediation Guidance

Executive Summary

View on NIST NVD