CVE-2020-29582: 
Java vulnerability analysis and mitigation

In JetBrains Kotlin before version 1.4.21, a vulnerable Java API was used for temporary file and folder creation. This vulnerability (CVE-2020-29582) was discovered and disclosed in February 2021, affecting the Kotlin programming language. The vulnerability allowed attackers to read data from temporary files and list directories due to insecure permissions (NVD).

The vulnerability stems from improper implementation of temporary file and folder creation APIs in Kotlin, which resulted in insecure default permissions. The issue has been assigned a CVSS v3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating that it is network exploitable with low attack complexity and requires no privileges or user interaction (NVD).

The vulnerability could lead to information disclosure as attackers were able to read data from temporary files and list directories due to the insecure permissions. This could potentially expose sensitive information stored in temporary files created by Kotlin applications (JetBrains Security Bulletin).

The vulnerability was fixed in Kotlin version 1.4.21. Users and organizations running affected versions should upgrade to version 1.4.21 or later to address this security issue (JetBrains Security Bulletin).