PT-2020-14653 · Jetbrains · Kotlin

Published 2020-08-08 · Updated 2022-03-03 · CVE-2020-15824

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

JetBrains Kotlin versions 1.4-M1 through 1.4-RC

Description

The issue is a script-cache privilege escalation: kotlin-main-kts stores cached scripts in the system temp directory, which is shared by all users by default.

Recommendations

For versions 1.4-M1 through 1.4-RC, update to version 1.4.0 to resolve the issue. As a temporary workaround, consider restricting access to the system temp directory to minimize the risk of exploitation.
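
The check below is an added example, not code from JetBrains or from this advisory. It shows the general defence for this class of bug on a POSIX system: only load cached scripts from a directory that the current user owns and that no other user can write to. The function names and the `script-cache` directory name are hypothetical, and this is not the Kotlin 1.4.0 fix itself.

```python
import os
import stat
import tempfile


def cache_dir_problems(path, uid=None):
    """Return the reasons why `path` is unsafe as a cache for cached scripts."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat: do not follow a link placed by another user
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_uid != uid:
        problems.append("owned by another user")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group- or world-writable")
    return problems


def private_cache_dir(base, name="script-cache"):
    """Create or reuse a 0700 cache directory under `base`; refuse an unsafe one."""
    path = os.path.join(base, name)
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # something is already there, so it must pass the checks below
    problems = cache_dir_problems(path)
    if problems:
        raise PermissionError(f"{path}: {', '.join(problems)}")
    return path


def demo():
    """Compare a constructed shared directory (mode 1777) with a private cache."""
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, "shared-cache")  # constructed sample
        os.mkdir(shared)
        os.chmod(shared, 0o1777)  # same mode as a typical system temp directory
        private = private_cache_dir(root)
        return cache_dir_problems(shared), cache_dir_problems(private)


if __name__ == "__main__":
    print(demo())
```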

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2020-15824

Affected Products

Kotlin