Unsigned Binary Vulnerability in JetBrains Rider by JetBrains
CVE-2020-7906

7.5HIGH

Key Information:

Vendor: Jetbrains
Status: Rider
Vendor: CVE Published:; 30 January 2020

What is CVE-2020-7906?

In versions 2019.3 EAP2 through 2019.3 EAP7 of JetBrains Rider, the software included unsigned binaries provided by the Windows installer. This issue could lead to potential security risks, as unauthorized modifications to the binaries may go undetected. The vulnerability was addressed in version 2019.3, ensuring that users are protected with signed binaries in future installations.

References

https://blog.jetbrains.com

x_refsource_MISC

https://blog.jetbrains.com/blog/2020/01/24/jetbrains-secu...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2020
Vulnerability Reserved
Jan 22, 2020

Jetbrains

What is CVE-2020-7906?

References

CVSS V3.1

Timeline