5.3
CVE-2020-29582
- EPSS 0%
- Veröffentlicht 03.02.2021 16:15:13
- Zuletzt bearbeitet 21.11.2024 05:24:15
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Communications Cloud Native Core Policy Version1.14.0
Oracle ≫ Communications Cloud Native Core Service Communication Proxy Version1.14.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0% | 0.001 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.