CVE-2020-29582
First published: Wed Feb 03 2021(Updated: )
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kotlin | <1.4.21 | 1.4.21 |
| JetBrains Kotlin | <1.4.21 | |
| Oracle Communications Cloud Native Core Network Slice Selection Function | =1.2.1 | |
| Oracle Communications Cloud Native Core Policy | =1.14.0 | |
| Oracle Communications Cloud Native Core Service Communication Proxy | =1.14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-29582 https://nvd.nist.gov/vuln/detail/CVE-2020-29582 https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/
- https://bugzilla.redhat.com/show_bug.cgi?id=1930291
- https://access.redhat.com/errata/RHSA-2021:3205
- https://access.redhat.com/errata/RHSA-2021:3207
- https://access.redhat.com/errata/RHSA-2022:5532
- https://access.redhat.com/security/cve/cve-2020-29582
- https://blog.jetbrains.com
- https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/
- https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2020-29582?
CVE-2020-29582 is a vulnerability in JetBrains Kotlin before version 1.4.21 that allows an attacker to read data from temporary files and list directories due to insecure permissions.
What is the severity of CVE-2020-29582?
CVE-2020-29582 has a severity score of 5.3, which is considered medium.
How can I fix CVE-2020-29582?
To fix CVE-2020-29582, update JetBrains Kotlin to version 1.4.21 or higher.
Where can I find more information about CVE-2020-29582?
You can find more information about CVE-2020-29582 at the following references: [CVE.org](https://www.cve.org/CVERecord?id=CVE-2020-29582), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2020-29582), [JetBrains Security Bulletin](https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1930291), [Red Hat Errata](https://access.redhat.com/errata/RHSA-2021:3205).
What is the Common Weakness Enumeration (CWE) for CVE-2020-29582?
The Common Weakness Enumeration (CWE) for CVE-2020-29582 is CWE-276.
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-29582
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/event
- agent/description
- agent/trending
- agent/tags
- agent/source
- vendor/jetbrains
- canonical/jetbrains kotlin
- vendor/oracle
- canonical/oracle communications cloud native core network slice selection function
- version/oracle communications cloud native core network slice selection function/1.2.1
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/1.14.0
- canonical/oracle communications cloud native core service communication proxy
- version/oracle communications cloud native core service communication proxy/1.14.0
- package-manager/redhat