CVE-2020-15824
First published: Sat Aug 08 2020(Updated: )
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JetBrains Kotlin | =1.4.0-milestone1 | |
| JetBrains Kotlin | =1.4.0-milestone2 | |
| JetBrains Kotlin | =1.4.0-milestone3 | |
| JetBrains Kotlin | =1.4.0-rc | |
| Oracle Banking Extensibility Workbench | =14.2 | |
| Oracle Banking Extensibility Workbench | =14.3 | |
| Oracle Banking Extensibility Workbench | =14.5 | |
| Oracle Communications Cloud Native Core Policy | =1.14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2020/12/06/1
- https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/
- https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E
- https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E
- https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E
- https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E
- https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
- collector/nvd-index
- agent/weakness
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/jetbrains
- canonical/jetbrains kotlin
- version/jetbrains kotlin/1.4.0-milestone1
- version/jetbrains kotlin/1.4.0-milestone2
- version/jetbrains kotlin/1.4.0-milestone3
- version/jetbrains kotlin/1.4.0-rc
- vendor/oracle
- canonical/oracle banking extensibility workbench
- version/oracle banking extensibility workbench/14.2
- version/oracle banking extensibility workbench/14.3
- version/oracle banking extensibility workbench/14.5
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/1.14.0