As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

An update of the apache package has been released.

This plugin has been deprecated as it does not adhere to established standards for this style of check.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4022-1 advisory.

  - As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so     that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the     temporary file and created a new one without said protection, effectively nullifying the effort. This     would still allow an attacker to inject modified source files into the build process. (CVE-2020-11979)

  - Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java     system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and     replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an     attacker to inject modified source files into the build process. (CVE-2020-1945)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0429 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing     Kubernetes application platform solution designed for on-premise or private     cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container     Platform 4.5.33. See the following advisory for the container images for     this release:

    https://access.redhat.com/errata/RHSA-2021:0428

    Security Fix(es):

    * jenkins:  XSS vulnerability in notification bar (CVE-2021-21603)

    * jenkins:  Improper handling of REST API XML deserialization errors (CVE-2021-21604)

    * jenkins:  Path traversal vulnerability in agent names (CVE-2021-21605)

    * jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)

    * jenkins:  Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)

    * jenkins:  Stored XSS vulnerability on new item page (CVE-2021-21611)

    * ant: insecure temporary file vulnerability (CVE-2020-1945)

    * ant: insecure temporary file (CVE-2020-11979)

    * jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)

    * jenkins:  Arbitrary file existence check in file fingerprints (CVE-2021-21606)

    * jenkins:  Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)

    * jenkins: Filesystem traversal by privileged users (CVE-2021-21615)

    * jenkins:  Missing permission check for paths with specific prefix (CVE-2021-21609)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0637 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing     Kubernetes application platform solution designed for on-premise or private     cloud deployments.

    Security Fix(es):

    * jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks     (CVE-2020-2304)

    * jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks     (CVE-2020-2305)

    * ant: Insecure temporary file vulnerability (CVE-2020-1945)

    * jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information     disclosure (CVE-2020-2306)

    * jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes     plug-in (CVE-2020-2307)

    * jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates     (CVE-2020-2308)

    * jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating     credentials IDs (CVE-2020-2309)

    * ant: Insecure temporary file (CVE-2020-11979)

    * python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s) listed in the References section.

    This advisory contains the RPM packages for Red Hat OpenShift Container     Platform 3.11.394. See the following advisory for the container images for this release:

    https://access.redhat.com/errata/RHBA-2021:0638

    Space precludes documenting all of the container images in this advisory. See the following Release Notes     documentation, which will be updated shortly for this release, for details about these changes:

    https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html

    This update fixes the following bugs among others:

    * Previously, the restart-cluster playbook did not evaluate the defined cluster size for ops clusters.
    This was causing come clusters to never complete their restart. This bug fix passes the logging ops     cluster size, allowing restarts of ops clusters to complete successfully. (BZ#1879407)

    * Previously, the `openshift_named_certificates` role checked the contents of the `ca-bundle.crt` file     during cluster installation. This caused the check to fail during initial installation because the `ca-     bundle.crt` file is not yet created in that scenario. This bug fix allows the cluster to skip checking the     `ca-bundle.crt` file if it does not exist, resulting in initial installations succeeding. (BZ#1920567)

    * Previously, if the `openshift_release` attribute was not set in the Ansible inventory file, the nodes of     the cluster would fail during an upgrade. This was caused by the `cluster_facts.yml` file being gathered     before the `openshift_release` attribute was defined by the upgrade playbook. Now the `cluster_facts.yml`     file is gathered after the `openshift_version` role runs and the `openshift_release` attribute is set,     allowing for successful node upgrades. (BZ#1921353)

    All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0423 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing     Kubernetes application platform solution designed for on-premise or private     cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container     Platform 4.6.17. See the following advisory for the container images for     this release:

    https://access.redhat.com/errata/RHBA-2021:0424

    Security Fix(es):

    * jenkins:  XSS vulnerability in notification bar (CVE-2021-21603)

    * jenkins:  Improper handling of REST API XML deserialization errors (CVE-2021-21604)

    * jenkins:  Path traversal vulnerability in agent names (CVE-2021-21605)

    * jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)

    * jenkins:  Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)

    * jenkins:  Stored XSS vulnerability on new item page (CVE-2021-21611)

    * ant: insecure temporary file vulnerability (CVE-2020-1945)

    * ant: insecure temporary file (CVE-2020-11979)

    * jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)

    * jenkins:  Arbitrary file existence check in file fingerprints (CVE-2021-21606)

    * jenkins:  Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)

    * jenkins: Filesystem traversal by privileged users (CVE-2021-21615)

    * jenkins:  Missing permission check for paths with specific prefix (CVE-2021-21609)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the version of the ant packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - As mitigation for CVE-2020-1945 Apache Ant 1.10.8     changed the permissions of temporary files it created     so that only the current user was allowed to access     them. Unfortunately the fixcrlf task deleted the     temporary file and created a new one without said     protection, effectively nullifying the effort. This     would still allow an attacker to inject modified source     files into the build process.(CVE-2020-11979)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote host is 16.x prior to 16.2.16.4 or 17.x prior to 17.12.11.6 or 18.x prior to 18.8.18.3 or 19.x prior to 19.12.13 or 20.x prior to 20.12.1. It is, therefore, affected by  multiple vulnerabilities as referenced in the January 2021 CPU advisory.

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform     (MPXJ)). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8, 19.12 and 20.12. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Primavera Unifier. Successful attacks of this vulnerability can result in takeover of Primavera Unifier.
    (CVE-2020-25020)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Core,     Config (Apache Ant)). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8, 19.12 and     20.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized     creation, deletion or modification access to critical data or all Primavera Unifier accessible data.
    (CVE-2020-11979)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Core     (Apache Commons BeanUtils)). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8, 19.12     and 20.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized     update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read     access to a subset of Primavera Unifier accessible data and unauthorized ability to cause a partial denial     of service (partial DOS) of Primavera Unifier. (CVE-2019-10086)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the January 2021 CPU advisory.

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin     (Apache Ant)). Supported versions that are affected are 16.2.0-16.2.11 and 17.12.0-17.12.9. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized creation, deletion     or modification access to critical data or all Primavera Gateway accessible data. (CVE-2020-11979)

  - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin     (Spring Framework)). Supported versions that are affected are 16.2.0-16.2.11, 17.12.0-17.12.9,     18.8.0-18.8.10 and 19.12.0-19.12.10. Difficult to exploit vulnerability allows low privileged attacker     with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction     from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may     significantly impact additional products. Successful attacks of this vulnerability can result in     unauthorized creation, deletion or modification access to critical data or all Primavera Gateway     accessible data as well as unauthorized read access to a subset of Primavera Gateway accessible data.
    (CVE-2020-5421)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202011-18 (Apache Ant: Insecure temporary file)

    A previous fix for a security vulnerability involving insecure temporary       files has been found to be incomplete.
  Impact :

    A local attacker could perform symlink attacks to overwrite arbitrary       files with the privileges of the user running the application.
  Workaround :

    There is no known workaround at this time.

Update to version 1.10.9.

Addresses CVE-2020-11979

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
202841	Photon OS 4.0: Apache PHSA-2021-4.0-0036	Nessus	PhotonOS Local Security Checks	high
196576	RHEL 7 : ant (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	high
196531	RHEL 6 : ant (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	high
167779	SUSE SLES12 Security Update : ant (SUSE-SU-2022:4022-1)	Nessus	SuSE Local Security Checks	high
147015	RHEL 7 / 8 : OpenShift Container Platform 4.5.33 (RHSA-2021:0429)	Nessus	Red Hat Local Security Checks	high
147013	RHEL 7 : OpenShift Container Platform 3.11.394 (RHSA-2021:0637)	Nessus	Red Hat Local Security Checks	high
146566	RHEL 8 : OpenShift Container Platform 4.6.17 (RHSA-2021:0423)	Nessus	Red Hat Local Security Checks	high
145709	EulerOS 2.0 SP8 : ant (EulerOS-SA-2021-1133)	Nessus	Huawei Local Security Checks	high
145569	Oracle Primavera Unifier (Jan 2021 CPU)	Nessus	CGI abuses	critical
145223	Oracle Primavera Gateway (Jan 2021 CPU)	Nessus	CGI abuses	high
142932	GLSA-202011-18 : Apache Ant: Insecure temporary file	Nessus	Gentoo Local Security Checks	high
141900	Fedora 33 : ant (2020-2640aa4e19)	Nessus	Fedora Local Security Checks	high
141895	Fedora 32 : ant (2020-92b1d001b3)	Nessus	Fedora Local Security Checks	high
141887	Fedora 31 : ant (2020-3ce0f55bc5)	Nessus	Fedora Local Security Checks	high
141866	Photon OS 3.0: Apache PHSA-2020-3.0-0155	Nessus	PhotonOS Local Security Checks	high
141860	Photon OS 1.0: Apache PHSA-2020-1.0-0335	Nessus	PhotonOS Local Security Checks	high
141642	Photon OS 2.0: Apache PHSA-2020-2.0-0291	Nessus	PhotonOS Local Security Checks	high

Detections

Analytics

CVE-2020-11979

high

Tenable Plugins

high

high

high

high

high

high

high

high

critical

high

high

high

high

high

high

high

high