By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].
OR *cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:* versions from (including) 2.4.4 up to (excluding) 2.4.21 *cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:* versions from (including) 2.5.0 up to (excluding) 2.5.14 *cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (excluding) 3.0.7 *cpe:2.3:a:apache:groovy:4.0.0:alpha1:*:*:*:*:*:*
Modified Analysis by NIST 3/01/2022 3:49:25 PM
Action
Type
Old Value
New Value
Added
CPE Configuration
OR *cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:* versions from (including) 2.4.4 up to (excluding) 2.4.21 *cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:* versions from (including) 2.5.0 up to (excluding) 2.5.14 *cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (excluding) 3.0.7 *cpe:2.3:a:apache:groovy:4.0.0:alpha1:*:*:*:*:*:*
Added
CPE Configuration
OR *cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
OR *cpe:2.3:a:jetbrains:kotlin:*:*:*:*:*:*:*:* versions up to (excluding) 1.4.0
OR *cpe:2.3:a:jetbrains:kotlin:1.4.0:milestone1:*:*:*:*:*:* *cpe:2.3:a:jetbrains:kotlin:1.4.0:milestone2:*:*:*:*:*:* *cpe:2.3:a:jetbrains:kotlin:1.4.0:milestone3:*:*:*:*:*:* *cpe:2.3:a:jetbrains:kotlin:1.4.0:rc:*:*:*:*:*:*
CVE Modified by MITRE 8/20/2020 12:15:11 PM
Action
Type
Old Value
New Value
Changed
Description
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.70 is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.70 is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
Initial Analysis by NIST 8/10/2020 12:13:54 PM
Action
Type
Old Value
New Value
Added
CVSS V3.1
NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added
CVSS V2
NIST (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Added
CWE
NIST CWE-269
Added
CPE Configuration
OR *cpe:2.3:a:jetbrains:kotlin:*:*:*:*:*:*:*:* versions up to (excluding) 1.4.0