CVE-2020-15824
published 2020-08-08CVE-2020-15824: In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kotlin | — | — |
| jetbrains | kotlin | — | — |
| oracle | banking_extensibility_workbench | — | — |
| oracle | banking_extensibility_workbench | — | — |
| oracle | banking_extensibility_workbench | — | — |
| oracle | communications_cloud_native_core_policy | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ghsa8.8HIGH
osv8.8HIGH