[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2020-1945Date: (C)2020-05-15   (M)2023-12-22


Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.3CVSS Score : 3.3
Exploit Score: 1.0Exploit Score: 3.4
Impact Score: 5.2Impact Score: 4.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: HIGHAccess Complexity: MEDIUM
Privileges Required: LOWAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: NONE
Integrity: HIGH 
Availability: NONE 
  
Reference:
FEDORA-2020-52741b0a49
FEDORA-2020-7f07da3fef
GLSA-202007-34
N/A
USN-4380-1
https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E
https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E
https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E
https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E
https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E
https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E
https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E
https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E
https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E
http://www.openwall.com/lists/oss-security/2020/09/30/6
http://www.openwall.com/lists/oss-security/2020/12/06/1
https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
openSUSE-SU-2020:1022

CPE    3
cpe:/a:apache:ant
cpe:/a:oracle:retail_point-of-service:14.0
cpe:/a:oracle:retail_point-of-service:14.1
CWE    1
CWE-668
OVAL    6
oval:org.secpod.oval:def:118287
oval:org.secpod.oval:def:118291
oval:org.secpod.oval:def:1801745
oval:org.secpod.oval:def:89047884
...

© SecPod Technologies