CVE-2020-1945
Sensitive Information Leak vulnerability in org.apache.ant:ant
What is CVE-2020-1945 About?
This vulnerability in Apache Ant allows for sensitive information leakage and potential injection of malicious files into the build process. It occurs because Ant tasks use a predictable temporary directory, making it relatively easy to exploit by an attacker who can interact with the build system.
Affected Software
- org.apache.ant:ant
- >1.10.0, <1.10.8
- >1.1, <1.9.15
Technical Details
Apache Ant versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7 utilize the Java system property `java.io.tmpdir` to identify the default temporary directory for various tasks. This practice can lead to sensitive information being leaked if other processes access this predictable temporary location. Furthermore, tasks such as `fixcrlf` and `replaceregexp` copy files from this temporary directory back into the build tree. An attacker could exploit this by placing modified source files in the temporary directory, which would then be incorporated into the official build process, potentially leading to supply chain compromise.
What is the Impact of CVE-2020-1945?
Successful exploitation may allow attackers to disclose sensitive data, inject malicious code into the build process, or corrupt build artifacts, leading to wider system compromises or unexpected application behavior.
What is the Exploitability of CVE-2020-1945?
Exploitation of this vulnerability requires an attacker to have access to the system where Apache Ant is running and knowledge of the temporary directory being used. The complexity is low to medium, as it relies on predictable file paths. No specific authentication is explicitly mentioned, but local file system access is a prerequisite, implying either local access or remote code execution capability to place files. The risk is increased in shared environments or systems where build processes are not isolated.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for CVE-2020-1945?
Available Upgrade Options
- org.apache.ant:ant
- >1.1, <1.9.15 → Upgrade to 1.9.15
- org.apache.ant:ant
- >1.10.0, <1.10.8 → Upgrade to 1.10.8
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/
- https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E
- https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://usn.ubuntu.com/4380-1
- https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html
- https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E
- https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html
What are Similar Vulnerabilities to CVE-2020-1945?
Similar Vulnerabilities: CVE-2017-1000382 , CVE-2018-1000008 , CVE-2018-1000832 , CVE-2019-10758 , CVE-2021-3923
