Insufficient Content Security Policy in JetBrains Hub
CVE-2021-37540

6.5MEDIUM

Key Information:

Vendor: Jetbrains
Status: Hub
Vendor: CVE Published:; 6 August 2021

What is CVE-2021-37540?

A vulnerability exists in JetBrains Hub prior to version 2021.1.13262, where an insufficient Content Security Policy (CSP) is implemented for the Widget deployment feature. This flaw may allow for potential misuse of the CSP, leading to security concerns related to the deployment of widgets. Users of JetBrains Hub are encouraged to upgrade to the latest version to mitigate potential risks associated with this vulnerability.

References

https://blog.jetbrains.com/blog/2021/08/05/jetbrains-secu...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2021
Vulnerability Reserved
Jul 26, 2021

Jetbrains

What is CVE-2021-37540?

References

CVSS V3.1

Timeline