CVE-2020-15824

In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
jetbrainskotlin
1.4.0:milestone1
jetbrainskotlin
1.4.0:milestone2
jetbrainskotlin
1.4.0:milestone3
jetbrainskotlin
1.4.0:rc
oraclebanking_extensibility_workbench
14.2
oraclebanking_extensibility_workbench
14.3
oraclebanking_extensibility_workbench
14.5
oraclecommunications_cloud_native_core_policy
1.14.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
kotlin
bookworm
1.3.31+ds1-1
fixed
sid
1.3.31+ds1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kotlin
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
xenial
ignored
trusty
ignored
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2020/12/06/1
https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E
https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
http://www.openwall.com/lists/oss-security/2020/12/06/1
https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E
https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html