5.3
CVE-2020-29582
- EPSS 0%
- Veröffentlicht 03.02.2021 16:15:13
- Zuletzt bearbeitet 21.11.2024 05:24:15
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginIn JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Communications Cloud Native Core Policy Version1.14.0
Oracle ≫ Communications Cloud Native Core Service Communication Proxy Version1.14.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0% | 0.001 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.