CVE-2020-15824
Severity CVSS v4.0:
Pending analysis
Type:
CWE-269
Improper Privilege Management
Publication date:
08/08/2020
Last modified:
07/11/2023
Description
JetBrains Kotlin versions 1.4-M1 through 1.4-RC contain a script-cache privilege escalation vulnerability: kotlin-main-kts stores cached scripts in the system temp directory, which is shared by all users by default. Kotlin 1.3.7x is not affected by the issue; the fixed version is 1.4.0.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:jetbrains:kotlin:1.4.0:milestone1:*:*:*:*:*:* | | |
| cpe:2.3:a:jetbrains:kotlin:1.4.0:milestone2:*:*:*:*:*:* | | |
| cpe:2.3:a:jetbrains:kotlin:1.4.0:milestone3:*:*:*:*:*:* | | |
| cpe:2.3:a:jetbrains:kotlin:1.4.0:rc:*:*:*:*:*:* | | |
| cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:* | | |
| cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:* | | |
| cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:* | | |
| cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://www.openwall.com/lists/oss-security/2020/12/06/1
- https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/
- https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E
- https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E
- https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html



