Permission Vulnerability in Apache Ant Leading to Potential Source File Injection
CVE-2020-11979

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Ant
Vendor: CVE Published:; 1 October 2020

🔔 Create Apache Vulnerability Alert

What is CVE-2020-11979?

A flaw in Apache Ant allows for the deletion of temporary files without protective permissions. The fix for a previous vulnerability inadvertently opens a path for attackers to inject modified source files into the build process. This can compromise the integrity of the software being built, raising significant security concerns for developers relying on Apache Ant in their CI/CD pipelines.

Affected Version(s)

Apache Ant Apache Ant 1.10.8

References

https://lists.apache.org/thread.html/rc3c8ef9724b5b1e1715...

x_refsource_MISC

https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/r4ca33fad3fb39d130cd...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2020
Vulnerability Reserved
Apr 21, 2020

.

CVE-2020-11979 : Permission Vulnerability in Apache Ant Leading to Potential Source File Injection