Vulnerability Description
In JetBrains Kotlin from 1.4-M1 to 1.4-RC there is a script-cache privilege escalation vulnerability due to kotlin-main-kts caching scripts in the system temp directory, which is shared by all users by default. Kotlin 1.3.7x is not affected by the issue; the fixed version is 1.4.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| JetBrains | Kotlin | 1.4.0 |
| Oracle | Banking Extensibility Workbench | 14.2 |
| Oracle | Communications Cloud Native Core Policy | 1.14.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2020/12/06/1 (Mailing List, Third Party Advisory)
- https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/ (Vendor Advisory)
- https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f
- https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad
- https://www.oracle.com/security-alerts/cpujan2022.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuoct2021.html (Patch, Third Party Advisory)
FAQ
What is CVE-2020-15824?
CVE-2020-15824 is a vulnerability with a CVSS score of 8.8 (HIGH). In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cach...
How severe is CVE-2020-15824?
CVE-2020-15824 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-15824?
Check the references section above for vendor advisories and patch information. Affected products include: JetBrains Kotlin, Oracle Banking Extensibility Workbench, Oracle Communications Cloud Native Core Policy.