CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24329
https://notcve.org/view.php?id=CVE-2022-24329
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. En JetBrains Kotlin versiones anteriores a 1.6.0, no era posible bloquear dependencias para proyectos Gradle multiplataforma. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html • CWE-667: Improper Locking •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-29582 – kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure
https://notcve.org/view.php?id=CVE-2020-29582
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. En JetBrains Kotlin versiones anteriores a 1.4.21, una API Java vulnerable era usada para la creación de archivos y carpetas temporales. Un atacante era capaz de leer datos de dichos archivos y enumerar directorios debido a permisos no seguros • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020 https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://access.redhat.com/security/cve/CVE-2020-29582 https://bugzilla.redhat.com/show_bug.cgi?id=1930291 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-15824
https://notcve.org/view.php?id=CVE-2020-15824
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default. En JetBrains Kotlin desde la versión 1.4-M1 a la 1.4-RC (ya que Kotlin versión 1.3.7x no se ve afectado por el problema. La versión corregida es la 1.4.0) se presenta una vulnerabilidad de escalada de privilegios de la caché de scripts debido a scripts kotlin-main-kts almacenados en caché en el directorio temporal del sistema, que es compartido por todos los usuarios por defecto. • http://www.openwall.com/lists/oss-security/2020/12/06/1 https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020 https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E https://lists.apache.org/thread.html/ra • CWE-269: Improper Privilege Management •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10101
https://notcve.org/view.php?id=CVE-2019-10101
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. Las versiones de JetBrains Kotlin anteriores a la 1.3.30 estaban resolviendo artefactos utilizando una conexión http durante el proceso de construcción, lo que posiblemente permitía un ataque MITM. • https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019 https://medium.com/bugbountywriteup/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb https://security.netapp.com/advisory/ntap-20230818-0012 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10102
https://notcve.org/view.php?id=CVE-2019-10102
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30. Las versiones de framework Ktor de JetBrains (creadas con la plantilla IDE de Kotlin) en versiones anteriores a la 1.1.0 estaban resolviendo artefactos utilizando una conexión http durante el proceso de construcción, lo que posiblemente permitía un ataque MITM. Este problema se solucionó en la versión 1.3.30 del plugin de Kotlin. • https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019 https://security.netapp.com/advisory/ntap-20230818-0012 • CWE-319: Cleartext Transmission of Sensitive Information •