CVE-2020-29582

In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.

Published: Feb 3, 2021
Updated: Nov 8, 2023
CVE: CVE-2020-29582
GHSA: GHSA-cqj8-47ch-rvvq
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-276

Affected Software
References

Software	From	Fixed in
jetbrains / kotlin	-	1.4.21
oracle / communications_cloud_native_core_network_slice_selection_function	1.2.1	1.2.1.x
oracle / communications_cloud_native_core_policy	1.14.0	1.14.0.x
oracle / communications_cloud_native_core_service_communication_proxy	1.14.0	1.14.0.x
org.jetbrains.kotlin / kotlin-stdlib	-	1.4.21

https://blog.jetbrains.com
https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html

Vulnerability Database

CVE-2020-29582

Deep Security Visibility Without the Complexity