GHSA-cqj8-47ch-rvvq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-cqj8-47ch-rvvq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cqj8-47ch-rvvq/GHSA-cqj8-47ch-rvvq.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-cqj8-47ch-rvvq
- Aliases
- Published
- 2022-05-24T17:40:48Z
- Modified
- 2024-02-21T05:37:16.716957Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Incorrect Default Permissions in JetBrains Kotlin
- Details
-
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
- Database specific
{ "severity": "MODERATE", "cwe_ids": [ "CWE-276" ], "nvd_published_at": "2021-02-03T16:15:00Z", "github_reviewed_at": "2022-06-23T18:04:48Z", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-29582
- https://blog.jetbrains.com
- https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020
- https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
Affected packages
Maven / org.jetbrains.kotlin:kotlin-stdlib
Package
- Name
- org.jetbrains.kotlin:kotlin-stdlib
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jetbrains.kotlin/kotlin-stdlib
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.21
Affected versions
0.*
0.0.1-test-deploy
0.0.2-test-deploy
0.5.998
0.5.1131
0.6.22
0.6.31
0.6.69
0.6.179
0.6.317
0.6.350
0.6.594
0.6.602
0.6.786
0.6.800
0.6.912
0.6.1070
0.6.1315
0.6.1411
0.6.1507
0.6.1590
0.6.1603
0.6.1617
0.6.1658
0.6.1670
0.6.1673
0.6.1910
0.6.2451
0.6.2517
0.7.5
0.7.86
0.7.115
0.7.191
0.7.258
0.7.270
0.7.271
0.7.802
0.7.852
0.7.895
0.7.1090
0.7.1217
0.8.11
0.8.484
0.8.679
0.8.1527
0.9.0-native
0.9.1-native
0.9.66
0.9.206
0.9.976
0.10.4
0.10.195
0.10.709
0.10.770
0.10.1316
0.11.91
0.11.91.1
0.11.91.2
0.11.91.4
0.12.200
0.12.213
0.12.412
0.12.613
0.12.1218
0.12.1230
0.13.1513
0.13.1514
0.13.1516
0.14.449
0.14.451
1.*
1.0.0-beta-1038
1.0.0-beta-1103
1.0.0-beta-2417
1.0.0-beta-2422
1.0.0-beta-2423
1.0.0-beta-3593
1.0.0-beta-3594
1.0.0-beta-3595
1.0.0-beta-4583
1.0.0-beta-4584
1.0.0-beta-4589
1.0.0-rc-1036
1.0.0
1.0.1
1.0.1-1
1.0.1-2
1.0.2
1.0.2-1
1.0.3
1.0.4
1.0.5
1.0.5-2
1.0.5-3
1.0.6
1.0.7
1.1.0
1.1.1
1.1.2
1.1.2-2
1.1.2-3
1.1.2-4
1.1.2-5
1.1.3
1.1.3-2
1.1.4
1.1.4-2
1.1.4-3
1.1.50
1.1.51
1.1.60
1.1.61
1.2.0
1.2.10
1.2.20
1.2.21
1.2.30
1.2.31
1.2.40
1.2.41
1.2.50
1.2.51
1.2.60
1.2.61
1.2.70
1.2.71
1.3.0-rc-190
1.3.0-rc-198
1.3.0
1.3.10
1.3.11
1.3.20
1.3.21
1.3.30
1.3.31
1.3.40
1.3.41
1.3.50
1.3.60
1.3.61
1.3.70
1.3.71
1.3.72
1.4.0-rc
1.4.0
1.4.10
1.4.20-M1
1.4.20-M2
1.4.20-RC
1.4.20