Session ID Exposure in JetBrains Code With Me for Local Network Attacks
CVE-2021-25755

2.5LOW

Key Information:

Vendor

Jetbrains
Status
Code With Me
Vendor
CVE Published:
3 February 2021

What is CVE-2021-25755?

Prior to version 2020.3, JetBrains Code With Me contained a vulnerability that allowed an attacker on the same local network to exploit knowledge of a session ID. By leveraging this session ID, the attacker could gain unauthorized access to the encrypted traffic exchanged within the application, potentially compromising sensitive information. It is crucial for users to update to the latest version to mitigate this concern.

References

https://blog.jetbrains.com
x_refsource_MISC
https://blog.jetbrains.com/blog/2021/02/03/jetbrains-secu...
x_refsource_MISC
https://jay-from-future.github.io/cve/2021/04/02/code-wit...
x_refsource_MISC

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.