CVE-2020-29582 — Incorrect Default Permissions in Kotlin

CWE-276 — Incorrect Default Permissions11 documents7 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 99.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jetbrains Kotlin Oracle Communications Cloud Native Core Network Slice Selection Function Oracle Communications Cloud Native Core Policy +1 more

Timeline

PublishedFeb 3

Latest updateOct 15

Description

In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶NVDjetbrains/kotlin< 2.1.0

▶Debianjetbrains/kotlin< 1.3.31+ds1-3+1

▶NVDoracle/communications_cloud_native_core_policy1.14.0

▶NVDoracle/communications_cloud_native_core_service_communication_proxy1.14.0

▶NVDoracle/communications_cloud_native_core_network_slice_selection_function1.2.1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

Incorrect Default Permissions in JetBrains Kotlin↗2022-05-24

▶

OSV

Incorrect Default Permissions in JetBrains Kotlin↗2022-05-24

▶

OSV

CVE-2020-29582: In JetBrains Kotlin before 1↗2021-02-03

▶

CVEList

CVE-2020-29582: In JetBrains Kotlin before 1↗2021-02-03

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Platform (JetBrains Kotlin) — CVE-2020-29582↗2022-10-15

▶

Oracle

Oracle Oracle Communications Risk Matrix: Policy (Kotlin) — CVE-2020-29582↗2022-04-15

▶

Oracle

Oracle Oracle Communications Risk Matrix: SCP (Kotlin) — CVE-2020-29582↗2022-01-15

▶

Oracle

Oracle Oracle Communications Risk Matrix: Signaling (Calico) — CVE-2020-29582↗2021-07-15

▶

Red Hat

kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure↗2021-02-03

▶