ID

VAR-202010-1567


CVE

CVE-2020-11979


TITLE

Apache Ant  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-012067

DESCRIPTION

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. Apache Ant Contains an unspecified vulnerability.Information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apache Ant is a set of automation tools for Java software development developed by the Apache Software Foundation. This tool is mainly used for software compilation, testing and deployment. The vulnerability stems from the fact that the network system or product lacks correct verification of user input data during the operation process of user input to construct commands, data structures, or records, and does not filter or correctly filter out special elements in it, resulting in parsing or failure of the system or product. Wrong way of interpreting. Linux Security Advisory GLSA 202011-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Apache Ant: Insecure temporary file Date: November 16, 2020 Bugs: #745768 ID: 202011-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Apache Ant uses various insecure temporary files possibly allowing local code execution. Background ========== Ant is a Java-based build tool similar to ‘make’ that uses XML configuration files. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/ant < 1.10.9 >= 1.10.9 Description =========== A previous fix for a security vulnerability involving insecure temporary files has been found to be incomplete. Impact ====== A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache Ant users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/ant-1.10.9" References ========== [ 1 ] CVE-2020-11979 https://nvd.nist.gov/vuln/detail/CVE-2020-11979 [ 2 ] GLSA-202007-34 https://security.gentoo.org/glsa/202007-34 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202011-18 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Bugs fixed (https://bugzilla.redhat.com/): 1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1903702 - CVE-2020-11979 ant: insecure temporary file 1921322 - CVE-2021-21615 jenkins: Filesystem traversal by privileged users 1925140 - CVE-2021-21608 jenkins: Stored XSS vulnerability in button labels 1925141 - CVE-2021-21609 jenkins: Missing permission check for paths with specific prefix 1925143 - CVE-2021-21605 jenkins: Path traversal vulnerability in agent names 1925145 - CVE-2021-21611 jenkins: Stored XSS vulnerability on new item page 1925151 - CVE-2021-21610 jenkins: Reflected XSS vulnerability in markup formatter preview 1925156 - CVE-2021-21607 jenkins: Excessive memory allocation in graph URLs leads to denial of service 1925157 - CVE-2021-21604 jenkins: Improper handling of REST API XML deserialization errors 1925159 - CVE-2021-21606 jenkins: Arbitrary file existence check in file fingerprints 1925160 - CVE-2021-21603 jenkins: XSS vulnerability in notification bar 1925161 - CVE-2021-21602 jenkins: Arbitrary file read vulnerability in workspace browsers 1925674 - Placeholder bug for OCP 4.6.0 rpm release 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: OpenShift Container Platform 3.11.394 bug fix and security update Advisory ID: RHSA-2021:0637-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:0637 Issue date: 2021-03-03 CVE Names: CVE-2020-1945 CVE-2020-2304 CVE-2020-2305 CVE-2020-2306 CVE-2020-2307 CVE-2020-2308 CVE-2020-2309 CVE-2020-11979 CVE-2020-25658 ==================================================================== 1. Summary: Red Hat OpenShift Container Platform release 3.11.394 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304) * jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305) * ant: Insecure temporary file vulnerability (CVE-2020-1945) * jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306) * jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes plug-in (CVE-2020-2307) * jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308) * jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating credentials IDs (CVE-2020-2309) * ant: Insecure temporary file (CVE-2020-11979) * python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.394. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2021:0638 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r elease_notes.html This update fixes the following bugs among others: * Previously, the restart-cluster playbook did not evaluate the defined cluster size for ops clusters. This was causing come clusters to never complete their restart. This bug fix passes the logging ops cluster size, allowing restarts of ops clusters to complete successfully. (BZ#1879407) * Previously, the `openshift_named_certificates` role checked the contents of the `ca-bundle.crt` file during cluster installation. This caused the check to fail during initial installation because the `ca-bundle.crt` file is not yet created in that scenario. This bug fix allows the cluster to skip checking the `ca-bundle.crt` file if it does not exist, resulting in initial installations succeeding. (BZ#1920567) * Previously, if the `openshift_release` attribute was not set in the Ansible inventory file, the nodes of the cluster would fail during an upgrade. This was caused by the `cluster_facts.yml` file being gathered before the `openshift_release` attribute was defined by the upgrade playbook. Now the `cluster_facts.yml` file is gathered after the `openshift_version` role runs and the `openshift_release` attribute is set, allowing for successful node upgrades. (BZ#1921353) All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system is applied. See the following documentation, which will be updated shortly for release 3.11.394, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r elease_notes.html This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258. 5. Bugs fixed (https://bugzilla.redhat.com/): 1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1849003 - fact dicts returned are of type string rather than dict 1873346 - In-place upgrade of OCP 3.11 does not upgrade Kuryr components 1879407 - The restart-cluster playbook doesn't take into account that openshift_logging_es_ops_cluster_size could be different from openshift_logging_es_cluster_size 1889972 - CVE-2020-25658 python-rsa: bleichenbacher timing oracle attack against RSA decryption 1895939 - CVE-2020-2304 jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks 1895940 - CVE-2020-2305 jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks 1895941 - CVE-2020-2306 jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure 1895945 - CVE-2020-2307 jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin 1895946 - CVE-2020-2308 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates 1895947 - CVE-2020-2309 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs 1903699 - Prometheus consumes all available memory 1903702 - CVE-2020-11979 ant: insecure temporary file 1918392 - Unable to access kibana URLafter enabling HTTP2 on Haproxy router 1920567 - [release-3.11] - ca-bundle.crt(/etc/origin/master/ca-bundle.crt) is missing on the fresh installation process 1921353 - OCP 3.11.374 Upgrade fails with Either OpenShift needs to be installed or openshift_release needs to be specified 1924614 - Provide jenkins agent image for maven36 1924811 - Provide jenkins agent image for maven36 1929170 - kuryr-cni pods in crashloop after updating OCP due to RuntimeError caused by attempting to delete eth0 host interface 1929216 - KeyError: 'addresses' in kuryr-controller when Endpoints' slice only lists notReadyAddresses 6. Package List: Red Hat OpenShift Container Platform 3.11: Source: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.src.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.src.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.src.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.src.rpm atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.src.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.src.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.src.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.src.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.src.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.src.rpm golang-github-prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.src.rpm golang-github-prometheus-node_exporter-3.11.394-1.git.1062.8adc4b8.el7.src.rpm golang-github-prometheus-prometheus-3.11.394-1.git.5026.2c9627f.el7.src.rpm haproxy-1.8.28-1.el7.src.rpm jenkins-2-plugins-3.11.1612862361-1.el7.src.rpm jenkins-2.263.3.1612433584-1.el7.src.rpm openshift-ansible-3.11.394-6.git.0.47ec25d.el7.src.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.src.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.src.rpm openshift-kuryr-3.11.394-1.git.1490.16ed375.el7.src.rpm python-rsa-4.5-3.el7.src.rpm noarch: atomic-openshift-docker-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm atomic-openshift-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm jenkins-2-plugins-3.11.1612862361-1.el7.noarch.rpm jenkins-2.263.3.1612433584-1.el7.noarch.rpm openshift-ansible-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-docs-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-playbooks-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-roles-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-test-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-kuryr-cni-3.11.394-1.git.1490.16ed375.el7.noarch.rpm openshift-kuryr-common-3.11.394-1.git.1490.16ed375.el7.noarch.rpm openshift-kuryr-controller-3.11.394-1.git.1490.16ed375.el7.noarch.rpm python2-kuryr-kubernetes-3.11.394-1.git.1490.16ed375.el7.noarch.rpm python2-rsa-4.5-3.el7.noarch.rpm ppc64le: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.ppc64le.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.ppc64le.rpm atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.ppc64le.rpm atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.ppc64le.rpm atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.ppc64le.rpm atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.ppc64le.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.ppc64le.rpm haproxy-debuginfo-1.8.28-1.el7.ppc64le.rpm haproxy18-1.8.28-1.el7.ppc64le.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.ppc64le.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.ppc64le.rpm prometheus-3.11.394-1.git.5026.2c9627f.el7.ppc64le.rpm prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.ppc64le.rpm prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.ppc64le.rpm x86_64: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-clients-redistributable-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.x86_64.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.x86_64.rpm atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.x86_64.rpm atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.x86_64.rpm atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.x86_64.rpm atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.x86_64.rpm atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.x86_64.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.x86_64.rpm haproxy-debuginfo-1.8.28-1.el7.x86_64.rpm haproxy18-1.8.28-1.el7.x86_64.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.x86_64.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.x86_64.rpm prometheus-3.11.394-1.git.5026.2c9627f.el7.x86_64.rpm prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.x86_64.rpm prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-1945 https://access.redhat.com/security/cve/CVE-2020-2304 https://access.redhat.com/security/cve/CVE-2020-2305 https://access.redhat.com/security/cve/CVE-2020-2306 https://access.redhat.com/security/cve/CVE-2020-2307 https://access.redhat.com/security/cve/CVE-2020-2308 https://access.redhat.com/security/cve/CVE-2020-2309 https://access.redhat.com/security/cve/CVE-2020-11979 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYD+BmNzjgjWX9erEAQjE+Q//ZZiX1bD9qOdi3w9TpwdZLagxnE5NTy5Z Ru/GN0qaTIBHo8QHZqgt6jBT5ADfW0KgEdA3N+fi43f4ud5fO+2eQcdE4oeSAE93 T5PAL+UBlb4ykAqQQnLVMO8G5Hc2IOw68wZjC+YFcEB36FnZifCk/z14OdUR3WyT g5ohmXKJw3ojfOsPK0ZIePS4V7RwTosagKHdyVa+tpxxVlkcZf2q08e5U7YkkhKv d/4UzYfGYtpm8ozYde1Cvs6cCU2ar7VQjsGW597BgSMXYESDqnPTKUJ5y8btFTwL j5z0ZSc96MBOkyebqxqhNdeFwg4liCl0RhBSUBhsG6e40Du8+3+LPUS579R1cp8N qCW0ODujVh804XNOXSqGAbmPXb6BL8uIY6j4kdzfZH4xgBGG1oOhiUcjPrJQkohD 7fRf/aLCtRno9d98oylMuxPWEf4XfeltF4zin8hWdvBlfSxfy6aGjdmXcHWIP3Es 4jL7h5IBtTn/8IXO5kXUlBeHOTNfjA48W/MmxyN6TNoTFrrsgR1pk7RUCxjAgOi/ Nk/IYlBheWb1Bvm/QCMpA5qDUSNZnmADw6BBRoViE+/DKBM9/DEUX6KOq6H3Ak0v wA7QOAVVk2COxBJCsmy7EJUJYMuyfrNkovukWKHUQQuDFcjy5nWYbGmmejX/STB2 +rElYOcZkO0=9NLN -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.7

sources: NVD: CVE-2020-11979 // JVNDB: JVNDB-2020-012067 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-164611 // VULMON: CVE-2020-11979 // PACKETSTORM: 160093 // PACKETSTORM: 161644 // PACKETSTORM: 161454 // PACKETSTORM: 161647

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.7.1

Trust: 1.0

vendor:oraclemodel:retail regular price optimizationscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:data integratorscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.1.1

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:eqversion:14.1.3

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:16.0.6

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.4.1

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:16.2.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:15.0.3

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:8.0.6

Trust: 1.0

vendor:oraclemodel:retail item planningscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:agile engineering data managementscope:eqversion:6.2.1.0

Trust: 1.0

vendor:oraclemodel:endeca information discovery studioscope:eqversion:3.2.0.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:lteversion:17.12

Trust: 1.0

vendor:oraclemodel:flexcube private bankingscope:eqversion:12.0.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:16.1

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:flexcube private bankingscope:eqversion:12.1.0

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:15.0.3.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:17.12.9

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:19.0.2

Trust: 1.0

vendor:gradlemodel:gradlescope:ltversion:6.8.0

Trust: 1.0

vendor:oraclemodel:storagetek acslsscope:eqversion:8.5.1

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:14.1.3.9

Trust: 1.0

vendor:oraclemodel:retail merchandise financial planningscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.4.0

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:eqversion:15.0.3

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:17.0.4

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.7.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:oraclemodel:real-time decision serverscope:eqversion:11.1.1.9.0

Trust: 1.0

vendor:oraclemodel:retail merchandising systemscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:14.1.3

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:16.2

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:18.8

Trust: 1.0

vendor:oraclemodel:retail eftlinkscope:eqversion:20.0.0

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.8.0

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:16.0.3

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.0

vendor:oraclemodel:retail replenishment optimizationscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.2.0

Trust: 1.0

vendor:oraclemodel:timesten in-memory databasescope:ltversion:11.2.2.8.27

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:17.12.0

Trust: 1.0

vendor:apachemodel:antscope:eqversion:1.10.8

Trust: 1.0

vendor:oraclemodel:retail assortment planningscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:banking treasury managementscope:eqversion:14.4

Trust: 1.0

vendor:oraclemodel:enterprise repositoryscope:eqversion:11.1.1.7.0

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:15.0.3

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:16.0.3.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.3.0.5.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:gteversion:17.7

Trust: 1.0

vendor:oraclemodel:retail advanced inventory planningscope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:19.12

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.4.1

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:18.0.3

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.6.2

Trust: 1.0

vendor:oraclemodel:retail macro space optimizationscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:15.0.4

Trust: 1.0

vendor:oraclemodel:retail category management planning \& optimizationscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:api gatewayscope:eqversion:11.1.2.4.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:8.0.9

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:20.12

Trust: 1.0

vendor:oraclemodel:retail size profile optimizationscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:storagetek tape analyticsscope:eqversion:2.4

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.3.0.6.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.1.0

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.4.0

Trust: 1.0

vendor:oraclemodel:real-time decision serverscope:eqversion:3.2.0.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.0.0

Trust: 1.0

vendor:oraclemodel:retail eftlinkscope:eqversion:19.0.1

Trust: 1.0

vendor:oraclemodel:retail merchandising systemscope:eqversion:14.1.3.2

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:16.2.11

Trust: 1.0

vendor:oraclemodel:data integratorscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:apachemodel:antscope: - version: -

Trust: 0.8

vendor:gradlemodel:gradlescope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle banking platformscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle enterprise repositoryscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle financial services analytical applications infrastructurescope: - version: -

Trust: 0.8

vendor:オラクルmodel:primavera gatewayscope: - version: -

Trust: 0.8

vendor:オラクルmodel:primavera unifierscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle retail financial integrationscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle retail integration busscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle retail service backbonescope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle retail store inventory managementscope: - version: -

Trust: 0.8

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012067 // NVD: CVE-2020-11979

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11979
value: HIGH

Trust: 1.0

NVD: CVE-2020-11979
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202010-015
value: HIGH

Trust: 0.6

VULHUB: VHN-164611
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-11979
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-11979
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-164611
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-11979
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-11979
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-164611 // VULMON: CVE-2020-11979 // JVNDB: JVNDB-2020-012067 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202010-015 // NVD: CVE-2020-11979

PROBLEMTYPE DATA

problemtype:CWE-379

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Other (CWE-Other) [NVD Evaluation ]

Trust: 0.8

problemtype:CWE-74

Trust: 0.1

sources: VULHUB: VHN-164611 // JVNDB: JVNDB-2020-012067 // NVD: CVE-2020-11979

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-015

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202010-015

PATCH

title:Apache Ant insecure temporary file vulnerability Oracle Oracle Critical Patch Updateurl:https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E

Trust: 0.8

title:Apache Ant Repair measures for injecting vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=130249

Trust: 0.6

title:Debian CVElist Bug Report Logs: ant: CVE-2020-11979url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=2a449f8fc892d50c69e07a3668964924

Trust: 0.1

title:IBM: Security Bulletin: Vulnerability in Apache Ant affects IBM Spectrum Symphonyurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3dd0d4ffb8383347639c4ccc74310f32

Trust: 0.1

title:Arch Linux Advisories: [ASA-202012-5] ant: arbitrary code executionurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202012-5

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-11979 log

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 4.6.17 security and packages updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210423 - Security Advisory

Trust: 0.1

title:IBM: Security Bulletin: Apache Ant Vulnerabilities Affect IBM Control Center (CVE-2020-1945, CVE-2020-11979)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=141b2e54160a76a0f41beef4db28270e

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=0bf006d622ea4a9435b282864e760566

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c47c09015d1429df4a71453000607351

Trust: 0.1

sources: VULMON: CVE-2020-11979 // JVNDB: JVNDB-2020-012067 // CNNVD: CNNVD-202010-015

EXTERNAL IDS

db:NVDid:CVE-2020-11979

Trust: 3.0

db:PACKETSTORMid:160093

Trust: 0.8

db:PACKETSTORMid:161644

Trust: 0.8

db:PACKETSTORMid:161454

Trust: 0.8

db:JVNDBid:JVNDB-2020-012067

Trust: 0.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021042112

Trust: 0.6

db:CS-HELPid:SB2021042640

Trust: 0.6

db:CS-HELPid:SB2021072823

Trust: 0.6

db:CS-HELPid:SB2022042536

Trust: 0.6

db:CS-HELPid:SB2021042536

Trust: 0.6

db:CS-HELPid:SB2022012312

Trust: 0.6

db:CS-HELPid:SB2021042319

Trust: 0.6

db:CS-HELPid:SB2021072778

Trust: 0.6

db:AUSCERTid:ESB-2022.6025

Trust: 0.6

db:AUSCERTid:ESB-2021.0771

Trust: 0.6

db:AUSCERTid:ESB-2021.0599

Trust: 0.6

db:AUSCERTid:ESB-2021.0315

Trust: 0.6

db:AUSCERTid:ESB-2023.1653

Trust: 0.6

db:CNNVDid:CNNVD-202010-015

Trust: 0.6

db:PACKETSTORMid:161647

Trust: 0.2

db:CNVDid:CNVD-2020-57125

Trust: 0.1

db:VULHUBid:VHN-164611

Trust: 0.1

db:VULMONid:CVE-2020-11979

Trust: 0.1

sources: VULHUB: VHN-164611 // VULMON: CVE-2020-11979 // JVNDB: JVNDB-2020-012067 // PACKETSTORM: 160093 // PACKETSTORM: 161644 // PACKETSTORM: 161454 // PACKETSTORM: 161647 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202010-015 // NVD: CVE-2020-11979

REFERENCES

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.3

url:https://security.gentoo.org/glsa/202011-18

Trust: 1.9

url:https://github.com/gradle/gradle/security/advisories/ghsa-j45w-qrgf-25vm

Trust: 1.8

url:https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3cdev.ant.apache.org%3e

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-11979

Trust: 1.8

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/u3nrqq7ecii4zngw7gbc225lvympqekb/

Trust: 1.0

url:https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/aalw42fwnq35f7kb3jvrc6nbvv7aayyi/

Trust: 1.0

url:https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3cdev.creadur.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dybrn5c2rw7jry75ib7q7zvkzchwaqws/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/u3nrqq7ecii4zngw7gbc225lvympqekb/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dybrn5c2rw7jry75ib7q7zvkzchwaqws/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/aalw42fwnq35f7kb3jvrc6nbvv7aayyi/

Trust: 0.8

url:https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3cdev.creadur.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3cdev.creadur.apache.org%3e

Trust: 0.7

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-ant-affects-ibm-spectrum-symphony/

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-gradle-version-in-ibp-javaenv-and-dind-images-depends-on-vulnerable-apache-ant/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0315/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0599

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042536

Trust: 0.6

url:https://packetstormsecurity.com/files/160093/gentoo-linux-security-advisory-202011-18.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072778

Trust: 0.6

url:https://www.oracle.com/security-alerts/cpujul2021.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042112

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-apache-ant-as-used-by-ibm-qradar-siem-is-vulnerable-to-insecure-temporary-files-cve-2020-11979/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012312

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-ant-information-disclosure-via-fixcrlf-task-temporary-files-permissions-33683

Trust: 0.6

url:https://packetstormsecurity.com/files/161454/red-hat-security-advisory-2021-0423-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1653

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042319

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042536

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-as-mitigation-for-cve-2020-1945-apache-ant-1-10-8-changed-the-permissions-of-temporary-files-it-created-so-that-only-the-current-user-was-allowed-to-access-them/

Trust: 0.6

url:https://packetstormsecurity.com/files/161644/red-hat-security-advisory-2021-0429-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-apache-ant-vulnerabilities-affect-ibm-control-center-cve-2020-1945-cve-2020-11979/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0771

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072823

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6025

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042640

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-1945

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-1945

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://bugzilla.redhat.com/):

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-11979

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-21607

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21606

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21608

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21609

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21602

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21608

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21603

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21603

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21611

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21605

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21610

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21607

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21605

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21609

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21602

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21604

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21604

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21615

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21610

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21615

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21606

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21611

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971612

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://security.gentoo.org/glsa/202007-34

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.5/updating/updating-cluster

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0429

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-rel

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0428

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/updating/updating-cluster

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0423

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel

Trust: 0.1

url:https://access.redhat.com/errata/rhba-2021:0424

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25658

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2308

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2306

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2306

Trust: 0.1

url:https://access.redhat.com/articles/11258.

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2307

Trust: 0.1

url:https://access.redhat.com/errata/rhba-2021:0638

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2304

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2309

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2309

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0637

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2304

Trust: 0.1

url:https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2307

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25658

Trust: 0.1

sources: VULHUB: VHN-164611 // VULMON: CVE-2020-11979 // JVNDB: JVNDB-2020-012067 // PACKETSTORM: 160093 // PACKETSTORM: 161644 // PACKETSTORM: 161454 // PACKETSTORM: 161647 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202010-015 // NVD: CVE-2020-11979

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 161644 // PACKETSTORM: 161454 // PACKETSTORM: 161647 // CNNVD: CNNVD-202010-015

SOURCES

db:VULHUBid:VHN-164611
db:VULMONid:CVE-2020-11979
db:JVNDBid:JVNDB-2020-012067
db:PACKETSTORMid:160093
db:PACKETSTORMid:161644
db:PACKETSTORMid:161454
db:PACKETSTORMid:161647
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202010-015
db:NVDid:CVE-2020-11979

LAST UPDATE DATE

2024-11-23T19:35:47.808000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-164611date:2022-05-12T00:00:00
db:VULMONid:CVE-2020-11979date:2021-04-19T00:00:00
db:JVNDBid:JVNDB-2020-012067date:2021-04-22T08:19:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202010-015date:2023-03-21T00:00:00
db:NVDid:CVE-2020-11979date:2024-11-21T04:59:02.170

SOURCES RELEASE DATE

db:VULHUBid:VHN-164611date:2020-10-01T00:00:00
db:VULMONid:CVE-2020-11979date:2020-10-01T00:00:00
db:JVNDBid:JVNDB-2020-012067date:2021-04-22T00:00:00
db:PACKETSTORMid:160093date:2020-11-16T17:15:41
db:PACKETSTORMid:161644date:2021-03-03T15:53:12
db:PACKETSTORMid:161454date:2021-02-18T14:14:45
db:PACKETSTORMid:161647date:2021-03-03T15:53:58
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202010-015date:2020-10-01T00:00:00
db:NVDid:CVE-2020-11979date:2020-10-01T20:15:13.033