Cleartext HTTP Connection Vulnerability in JetBrains Toolbox by JetBrains
CVE-2019-14959

5.9MEDIUM

Key Information:

Vendor: Jetbrains
Status: Toolbox
Vendor: CVE Published:; 2 October 2019

Summary

The JetBrains Toolbox application prior to version 1.15.5605 was found to resolve internal URLs using a cleartext HTTP connection. This flaw enables potential eavesdroppers to intercept sensitive information transmitted over the network, posing risks to user data and privacy. It is crucial for users to update to the latest version to mitigate these risks and enhance their security posture.

References

https://blog.jetbrains.com/blog/2019/09/26/jetbrains-secu...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 2, 2019
Vulnerability Reserved
Aug 12, 2019