As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4022-1 advisory.

  - As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so     that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the     temporary file and created a new one without said protection, effectively nullifying the effort. This     would still allow an attacker to inject modified source files into the build process. (CVE-2020-11979)

  - Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java     system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and     replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an     attacker to inject modified source files into the build process. (CVE-2020-1945)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0429 advisory.

  - ant: insecure temporary file vulnerability (CVE-2020-1945)

  - ant: insecure temporary file (CVE-2020-11979)

  - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)

  - jenkins:  XSS vulnerability in notification bar (CVE-2021-21603)

  - jenkins:  Improper handling of REST API XML deserialization errors (CVE-2021-21604)

  - jenkins:  Path traversal vulnerability in agent names (CVE-2021-21605)

  - jenkins:  Arbitrary file existence check in file fingerprints (CVE-2021-21606)

  - jenkins:  Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)

  - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)

  - jenkins:  Missing permission check for paths with specific prefix (CVE-2021-21609)

  - jenkins:  Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)

  - jenkins:  Stored XSS vulnerability on new item page (CVE-2021-21611)

  - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0637 advisory.

  - ant: insecure temporary file vulnerability (CVE-2020-1945)

  - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks     (CVE-2020-2304)

  - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks     (CVE-2020-2305)

  - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information     disclosure (CVE-2020-2306)

  - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin     (CVE-2020-2307)

  - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates     (CVE-2020-2308)

  - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials     IDs (CVE-2020-2309)

  - ant: insecure temporary file (CVE-2020-11979)

  - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)

  - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)

  - jenkins:  XSS vulnerability in notification bar (CVE-2021-21603)

  - jenkins:  Improper handling of REST API XML deserialization errors (CVE-2021-21604)

  - jenkins:  Path traversal vulnerability in agent names (CVE-2021-21605)

  - jenkins:  Arbitrary file existence check in file fingerprints (CVE-2021-21606)

  - jenkins:  Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)

  - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)

  - jenkins:  Missing permission check for paths with specific prefix (CVE-2021-21609)

  - jenkins:  Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)

  - jenkins:  Stored XSS vulnerability on new item page (CVE-2021-21611)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0423 advisory.

  - ant: insecure temporary file vulnerability (CVE-2020-1945)

  - ant: insecure temporary file (CVE-2020-11979)

  - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)

  - jenkins:  XSS vulnerability in notification bar (CVE-2021-21603)

  - jenkins:  Improper handling of REST API XML deserialization errors (CVE-2021-21604)

  - jenkins:  Path traversal vulnerability in agent names (CVE-2021-21605)

  - jenkins:  Arbitrary file existence check in file fingerprints (CVE-2021-21606)

  - jenkins:  Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)

  - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)

  - jenkins:  Missing permission check for paths with specific prefix (CVE-2021-21609)

  - jenkins:  Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)

  - jenkins:  Stored XSS vulnerability on new item page (CVE-2021-21611)

  - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the version of the ant packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - As mitigation for CVE-2020-1945 Apache Ant 1.10.8     changed the permissions of temporary files it created     so that only the current user was allowed to access     them. Unfortunately the fixcrlf task deleted the     temporary file and created a new one without said     protection, effectively nullifying the effort. This     would still allow an attacker to inject modified source     files into the build process.(CVE-2020-11979)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote host is 16.x prior to 16.2.16.4 or 17.x prior to 17.12.11.6 or 18.x prior to 18.8.18.3 or 19.x prior to 19.12.13 or 20.x prior to 20.12.1. It is, therefore, affected by  multiple vulnerabilities as referenced in the January 2021 CPU advisory.

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform     (MPXJ)). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8, 19.12 and 20.12. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Primavera Unifier. Successful attacks of this vulnerability can result in takeover of Primavera Unifier.
    (CVE-2020-25020)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Core,     Config (Apache Ant)). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8, 19.12 and     20.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized     creation, deletion or modification access to critical data or all Primavera Unifier accessible data.
    (CVE-2020-11979)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Core     (Apache Commons BeanUtils)). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8, 19.12     and 20.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized     update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read     access to a subset of Primavera Unifier accessible data and unauthorized ability to cause a partial denial     of service (partial DOS) of Primavera Unifier. (CVE-2019-10086)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the January 2021 CPU advisory.

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin     (Apache Ant)). Supported versions that are affected are 16.2.0-16.2.11 and 17.12.0-17.12.9. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized creation, deletion     or modification access to critical data or all Primavera Gateway accessible data. (CVE-2020-11979)

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin     (Spring Framework)). Supported versions that are affected are 16.2.0-16.2.11, 17.12.0-17.12.9,     18.8.0-18.8.10 and 19.12.0-19.12.10. Difficult to exploit vulnerability allows low privileged attacker     with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction     from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may     significantly impact additional products. Successful attacks of this vulnerability can result in     unauthorized creation, deletion or modification access to critical data or all Primavera Gateway     accessible data as well as unauthorized read access to a subset of Primavera Gateway accessible data.
    (CVE-2020-5421)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202011-18 (Apache Ant: Insecure temporary file)

    A previous fix for a security vulnerability involving insecure temporary       files has been found to be incomplete.
  Impact :

    A local attacker could perform symlink attacks to overwrite arbitrary       files with the privileges of the user running the application.
  Workaround :

    There is no known workaround at this time.

Update to version 1.10.9.

Addresses CVE-2020-11979

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the apache package has been released.

ID	Name	Product	Family	Severity
167779	SUSE SLES12 Security Update : ant (SUSE-SU-2022:4022-1)	Nessus	SuSE Local Security Checks	high
147015	RHEL 7 / 8 : OpenShift Container Platform 4.5.33 (RHSA-2021:0429)	Nessus	Red Hat Local Security Checks	high
147013	RHEL 7 : OpenShift Container Platform 3.11.394 (RHSA-2021:0637)	Nessus	Red Hat Local Security Checks	high
146566	RHEL 8 : OpenShift Container Platform 4.6.17 (RHSA-2021:0423)	Nessus	Red Hat Local Security Checks	high
145709	EulerOS 2.0 SP8 : ant (EulerOS-SA-2021-1133)	Nessus	Huawei Local Security Checks	high
145569	Oracle Primavera Unifier (Jan 2021 CPU)	Nessus	CGI abuses	critical
145223	Oracle Primavera Gateway (Jan 2021 CPU)	Nessus	CGI abuses	high
142932	GLSA-202011-18 : Apache Ant: Insecure temporary file	Nessus	Gentoo Local Security Checks	high
141900	Fedora 33 : ant (2020-2640aa4e19)	Nessus	Fedora Local Security Checks	high
141895	Fedora 32 : ant (2020-92b1d001b3)	Nessus	Fedora Local Security Checks	high
141887	Fedora 31 : ant (2020-3ce0f55bc5)	Nessus	Fedora Local Security Checks	high
141866	Photon OS 3.0: Apache PHSA-2020-3.0-0155	Nessus	PhotonOS Local Security Checks	high
141860	Photon OS 1.0: Apache PHSA-2020-1.0-0335	Nessus	PhotonOS Local Security Checks	high
141642	Photon OS 2.0: Apache PHSA-2020-2.0-0291	Nessus	PhotonOS Local Security Checks	high

Detections

Analytics

CVE-2020-11979

high

Tenable Plugins

high

high

high

high

high

critical

high

high

high

high

high

high

high

high