ALT-PU-2021-4986-1

Package update ant in branch sisyphus

Version1.10.8-alt1_4jpp11

Published2021-06-03

Max severityMEDIUM

Severity:

Closed issues (3)

MEDIUM6.3

Уязвимость компонента java.io.tmpdir утилиты автоматизации процесса сборки программного продукта Apache Ant, позволяющая нарушителю получить доступ на изменение данных или несанкционированный доступ к защищаемой информации

Published: 2020-07-29Modified: 2022-10-18

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:L/AC:H/Au:S/C:C/I:C/A:N

References

CVE-2020-1945

MEDIUM6.3

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

Published: 2020-05-14Modified: 2024-11-21

CVSS 2.0LOW 3.3

CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:P/A:N

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

References

GHSA-4p6w-m9wc-c9c9

MEDIUM6.3

Sensitive Data Exposure in Apache Ant

Published: 2020-09-14Modified: 2022-02-09

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

References