Privilege Escalation Vulnerability in JetBrains Kotlin
CVE-2020-15824

8.8HIGH

Key Information:

Vendor
Jetbrains
Status
Kotlin
Vendor
CVE Published:
8 August 2020

Summary

In JetBrains Kotlin, versions ranging from 1.4-M1 to 1.4-RC have a vulnerability that allows privilege escalation due to cached scripts being stored in the system's temporary directory. This directory is accessible by all users by default, potentially exposing sensitive functionalities. This issue does not affect Kotlin version 1.3.7x, and it has been resolved in version 1.4.0.

References

https://lists.apache.org/thread.html/ra12c3e23b021f259a20...
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/ra12c3e23b021f259a20...
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2020/12/06/1
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.