CVE-2020-1945

LOW

Description

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

References

https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.creadur.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.creadur.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.creadur.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.creadur.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.creadur.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.creadur.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cnotifications.groovy.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E

https://lists.apache.org/thread.html/r1b[email protected]%3Cdev.hive.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E

https://lists.fedoraproject.org/archives/list/[email protected]/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/

https://lists.fedoraproject.org/archives/list/[email protected]/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/

https://usn.ubuntu.com/4380-1/

https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.creadur.apache.org%3E

https://www.oracle.com/security-alerts/cpujul2020.html

https://lists.apache.org/thread.html/[email protected]%3Ctorque-dev.db.apache.org%3E

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html

https://security.gentoo.org/glsa/202007-34

https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.myfaces.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.ant.apache.org%3E

https://lists.apache.org/thread.html/rb8ec556f176c83[email protected]%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cuser.ant.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.creadur.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.creadur.apache.org%3E

http://www.openwall.com/lists/oss-security/2020/09/30/6

https://lists.apache.org/thread.html/[email protected]%3Cdev.creadur.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.creadur.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.creadur.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.creadur.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.creadur.apache.org%3E

https://www.oracle.com/security-alerts/cpuoct2020.html

https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cnotifications.groovy.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.groovy.apache.org%3E

https://lists.apache.org/thread.html/rce099751721c26a8166d[email protected]%3Cnotifications.groovy.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.groovy.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cusers.groovy.apache.org%3E

http://www.openwall.com/lists/oss-security/2020/12/06/1

https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cnotifications.groovy.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.myfaces.apache.org%3E

https://www.oracle.com/security-alerts/cpujan2021.html

https://lists.apache.org/thread.html/[email protected]%3Cdev.creadur.apache.org%3E

Details

Source: MITRE

Published: 2020-05-14

Updated: 2021-04-19

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 3.3

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 3.4

Severity: LOW

CVSS v3.0

Base Score: 6.3

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 1

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:* versions from 1.1 to 1.9.14 (inclusive)

cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:* versions from 1.10.0 to 1.10.7 (inclusive)

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
147015RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)NessusRed Hat Local Security Checks
medium
147013RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)NessusRed Hat Local Security Checks
medium
146566RHEL 7 / 8 : OpenShift Container Platform 4.6.17 (RHSA-2021:0423)NessusRed Hat Local Security Checks
medium
142265EulerOS 2.0 SP2 : ant (EulerOS-SA-2020-2327)NessusHuawei Local Security Checks
low
142210Oracle Business Process Management Suite (Oct 2020 CPU)NessusMisc.
high
140937FreeBSD : Apache Ant leaks sensitive information via the java.io.tmpdir (6d5f1b0b-b865-48d5-935b-3fb6ebb425fc)NessusFreeBSD Local Security Checks
low
140899EulerOS 2.0 SP3 : ant (EulerOS-SA-2020-2132)NessusHuawei Local Security Checks
low
140136EulerOS 2.0 SP5 : ant (EulerOS-SA-2020-1915)NessusHuawei Local Security Checks
low
139124EulerOS 2.0 SP8 : ant (EulerOS-SA-2020-1794)NessusHuawei Local Security Checks
low
138957GLSA-202007-34 : Apache Ant: Multiple vulnerabilitiesNessusGentoo Local Security Checks
low
138789openSUSE Security Update : ant (openSUSE-2020-1022)NessusSuSE Local Security Checks
low
138594Oracle Enterprise Manager Ops Center (Jul 2020 CPU)NessusMisc.
medium
138526Oracle Primavera Gateway (Jul 2020 CPU)NessusCGI abuses
high
138508Oracle Primavera Unifier Multiple Vulnerabilities (Jul 2020 CPU)NessusCGI abuses
medium
137317Photon OS 1.0: Apache PHSA-2020-1.0-0298NessusPhotonOS Local Security Checks
medium
137199Photon OS 3.0: Apache PHSA-2020-3.0-0099NessusPhotonOS Local Security Checks
low
137116Fedora 32 : ant (2020-7f07da3fef)NessusFedora Local Security Checks
low
137046Ubuntu 19.10 : Apache Ant vulnerability (USN-4380-1)NessusUbuntu Local Security Checks
low
137009Fedora 31 : ant (2020-52741b0a49)NessusFedora Local Security Checks
low