CVE-2020-29582

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-29582

CGA ID

CGA-crm9-p3mr-qc4q

Severity

5.3

Medium

CVSS V3

Description

In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.

References

https://images.chainguard.dev/security/CGA-crm9-p3mr-qc4q
https://github.com/advisories/GHSA-cqj8-47ch-rvvq
https://blog.jetbrains.com
https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2020-29582

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2020-29582

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources