VDB
CVE-2020-15824
CVE-2020-15824
PUBLISHED
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
EPSS 0.02% · 6.5th percentile
Risk Scores
EPSS Score
0.02%
6.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | kotlin | 0, * |
| Ubuntu:25.10 | kotlin | 1.3.31+ds1-3, 0, 1.3.31+ds1-2 |
| Ubuntu:24.04:LTS | kotlin | 0, 1.3.31+ds1-1ubuntu1, 1.3.31+ds1-1build5 |
Exploit Intelligence
- [groovy-users] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure (circl)
- [groovy-dev] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure (circl)
- [oss-security] 20201206 [CVE-2020-17521]: Apache Groovy Information Disclosure (circl)
- [announce] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure (circl)
- [groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure (circl)
- https://www.oracle.com/security-alerts/cpuoct2021.html (circl)
- https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/ (circl)
- https://www.oracle.com/security-alerts/cpujan2022.html (circl)
- dependency-check-suppression.xml (github-poc)
- dependency-check-suppression.xml (github-poc)
…and 3 more exploits
Timeline
- CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 8, 2022 EPSS Score
- Mar 2, 2022 EPSS Score
- Mar 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-15824 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-15824 third-party-advisory