CVE-2020-15824 vulnerability in JetBrains and Other Products
Published on August 8, 2020
In JetBrains Kotlin from 1.4-M1 to 1.4-RC there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default. Kotlin 1.3.7x is not affected by the issue, and the fixed version is 1.4.0.
Vulnerable Packages
The following package names and versions may be associated with CVE-2020-15824:
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| maven | org.glassfish.jersey.core:jersey-common | >= 3.0.0, <= 3.0.1 | 3.0.2 |
| maven | org.postgresql:postgresql | >= 42.2.0, < 42.2.27 | 42.2.27 |
| maven | org.postgresql:postgresql | > 42.3.0, < 42.3.8 | 42.3.8 |
| maven | org.postgresql:postgresql | >= 42.4.0, < 42.4.3 | 42.4.3 |
| maven | org.postgresql:postgresql | >= 42.5.0, < 42.5.1 | 42.5.1 |
| maven | org.glassfish.jersey.core:jersey-common | >= 2.28, <= 2.33 | 2.34 |
| maven | junit:junit | >= 4.7, < 4.13.1 | 4.13.1 |
| maven | io.netty:netty-codec-http | < 4.1.59 | 4.1.59.Final |
| maven | org.mortbay.jetty:jetty-webapp | < 9.4.33 | 9.4.33 |
| maven | org.eclipse.jetty:jetty-webapp | < 9.4.33 | 9.4.33 |
Exploit Probability
EPSS: 0.02%
Percentile: 5.65%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.