CVE-2020-29582
Incorrect Default Permissions in JetBrains Kotlin
CVSS 3.1: 5.3 (MEDIUM)
EPSS: 0.00%
Description
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
How to fix CVE-2020-29582
To remediate CVE-2020-29582, upgrade the affected package to one of the fixed versions listed below.
- Debian/kotlin—no fix listed
- —upgrade to 1.4.21 or later
Is CVE-2020-29582 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0
- from 0, < 1.4.21
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |