Unsigned Binary Vulnerability in JetBrains Rider by JetBrains
CVE-2020-7906

7.5HIGH

Key Information:

Vendor
Jetbrains
Status
Rider
Vendor
CVE Published:
30 January 2020

Summary

In versions 2019.3 EAP2 through 2019.3 EAP7 of JetBrains Rider, the software included unsigned binaries provided by the Windows installer. This issue could lead to potential security risks, as unauthorized modifications to the binaries may go undetected. The vulnerability was addressed in version 2019.3, ensuring that users are protected with signed binaries in future installations.

References

https://blog.jetbrains.com
x_refsource_MISC
https://blog.jetbrains.com/blog/2020/01/24/jetbrains-secu...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.