Privilege Escalation Vulnerability in JetBrains Kotlin
CVE-2020-15824

8.8HIGH

Key Information:

Vendor: Jetbrains
Status: Kotlin
Vendor: CVE Published:; 8 August 2020

🔔 Create Jetbrains Vulnerability Alert

What is CVE-2020-15824?

In JetBrains Kotlin, versions ranging from 1.4-M1 to 1.4-RC have a vulnerability that allows privilege escalation due to cached scripts being stored in the system's temporary directory. This directory is accessible by all users by default, potentially exposing sensitive functionalities. This issue does not affect Kotlin version 1.3.7x, and it has been resolved in version 1.4.0.

References

https://lists.apache.org/thread.html/ra12c3e23b021f259a20...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/ra12c3e23b021f259a20...

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2020/12/06/1

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 8, 2020
Vulnerability Reserved
Jul 19, 2020

.

CVE-2020-15824 : Privilege Escalation Vulnerability in JetBrains Kotlin