CVE-2020-15824
HIGHJetBrains Kotlin 1.4-M1-1.4-RC - Privilege Escalation via System Temp Directory Script Cache
Title source: llmDescription
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
References (8)
Core 8
Core References
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/12/06/1
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2021.html
Vendor Advisory x_refsource_misc
https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2022.html
Scores
CVSS v3
8.8
EPSS
0.0002
EPSS Percentile
6.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (5)
jetbrains/kotlin
1.4.0 milestone1 (4 CPE variants)
oracle/banking_extensibility_workbench
14.2
oracle/banking_extensibility_workbench
14.3
oracle/banking_extensibility_workbench
14.5
oracle/communications_cloud_native_core_policy
1.14.0
Published
Aug 08, 2020
Tracked Since
Feb 18, 2026