8.8

CVE-2020-15824

EPSS 0.03%
Published 08.08.2020 21:15:11
Last modified 21.11.2024 05:06:15
Source cve@mitre.org
Teams watchlist Login
Open Login

In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.

Affected products Warnungen 0 Metrics 3 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

JetBrains ≫ Kotlin Version1.4.0 Updatemilestone1

JetBrains ≫ Kotlin Version1.4.0 Updatemilestone2

JetBrains ≫ Kotlin Version1.4.0 Updatemilestone3

JetBrains ≫ Kotlin Version1.4.0 Updaterc

Oracle ≫ Banking Extensibility Workbench Version14.2

Oracle ≫ Banking Extensibility Workbench Version14.3

Oracle ≫ Banking Extensibility Workbench Version14.5

Oracle ≫ Communications Cloud Native Core Policy Version1.14.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.053

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://www.oracle.com/security-alerts/cpujan2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch

Third Party Advisory

http://www.openwall.com/lists/oss-security/2020/12/06/1

Third Party Advisory

Mailing List

https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E

https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E

https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E

https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-15824

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15824

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15824

EUVD