CVE-2020-29582
Insecure Permissions vulnerability in kotlin-stdlib (Maven)

Insecure Permissions No known exploit

What is CVE-2020-29582 About?

JetBrains Kotlin versions before 1.4.21 utilized a vulnerable Java API for temporary file and folder creation. This oversight led to insecure permissions, allowing attackers to read data from these temporary files and list directories. The exploitation is relatively simple once the temporary files are identified.

Affected Software

org.jetbrains.kotlin:kotlin-stdlib <1.4.21

Technical Details

The vulnerability arises because JetBrains Kotlin, in versions prior to 1.4.21, used a Java API for creating temporary files and folders that did not adequately set secure permissions. Specifically, the generated temporary files and directories were created with world-readable permissions, or permissions that allowed unauthorized access. An attacker could exploit this by identifying the location where Kotlin applications create these temporary resources. Once located, the insecure permissions would allow the attacker to read the contents of these temporary files, which might contain sensitive data, or list the contents of temporary directories, potentially revealing other valuable information or file paths. This is a local privilege escalation vulnerability requiring prior access to the system where the temporary files are created.
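The difference in permissions can be checked directly. The following is an added example, not code from the advisory or from JetBrains: it assumes a POSIX file system and uses `java.io.File.createTempFile` as the legacy Java API the advisory refers to, compared with the `java.nio.file.Files` equivalents. The helper names `readableByOthers` and `report` are hypothetical.

```kotlin
import java.io.File
import java.nio.file.Files
import java.nio.file.Path
import java.nio.file.attribute.PosixFilePermission.GROUP_READ
import java.nio.file.attribute.PosixFilePermission.OTHERS_READ
import java.nio.file.attribute.PosixFilePermissions

// True when an account other than the owner can read the file or list the directory.
fun readableByOthers(path: Path): Boolean {
    val perms = Files.getPosixFilePermissions(path)
    return GROUP_READ in perms || OTHERS_READ in perms
}

// Print the rwx string for a path next to the exposure verdict.
fun report(label: String, path: Path) {
    val mode = PosixFilePermissions.toString(Files.getPosixFilePermissions(path))
    println("%-34s %s readableByOthers=%s".format(label, mode, readableByOthers(path)))
}

fun main() {
    // Legacy API: the mode is left to the process umask, which commonly
    // keeps the read bits for group and others.
    val legacyFile = File.createTempFile("session", ".tmp").toPath()
    // Legacy directory idiom: reserve a name as a file, delete it, then mkdir.
    // The directory also inherits umask-derived permissions.
    val legacyDir = File.createTempFile("work", "").also { it.delete(); it.mkdir() }.toPath()

    // NIO API: on POSIX file systems the entries are created owner-only by default.
    val nioFile = Files.createTempFile("session", ".tmp")
    val nioDir = Files.createTempDirectory("work")

    report("File.createTempFile", legacyFile)
    report("File.createTempFile+delete+mkdir", legacyDir)
    report("Files.createTempFile", nioFile)
    report("Files.createTempDirectory", nioDir)

    // Clean up the constructed sample entries.
    listOf(legacyFile, legacyDir, nioFile, nioDir).forEach { Files.deleteIfExists(it) }
}
```

The same `readableByOthers` check can be pointed at the temporary paths an application actually creates to confirm whether an upgrade or code change closed the exposure.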

What is the Impact of CVE-2020-29582?

Successful exploitation may allow attackers to read sensitive data from temporary files, access unauthorized information, or gain further insights into the system's structure.

What is the Exploitability of CVE-2020-29582?

Exploitation of this vulnerability requires local access to the system where the vulnerable Kotlin application is running and actively creating temporary files. The complexity is low, primarily involving discovering the location of the temporary files. No specific authentication to the application itself is required, but prior authenticated access to the local machine is a prerequisite. Privilege requirements are typically those of a standard user account, as the vulnerability exposes files due to overly permissive settings rather than requiring elevated privileges to bypass access controls. This is a local exploit. Risk factors that increase exploitation likelihood include the presence of sensitive data in temporary files, predictable temporary file names or locations, and a multi-user environment where untrusted users have access to the system.

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for CVE-2020-29582?

Available Upgrade Options

  • org.jetbrains.kotlin:kotlin-stdlib
    • <1.4.21 → Upgrade to 1.4.21

What are Similar Vulnerabilities to CVE-2020-29582?

Similar Vulnerabilities: CVE-2022-21443, CVE-2021-3653, CVE-2020-13958, CVE-2019-15891, CVE-2018-1000130