HTML Injection Vulnerability in JetBrains Hub by JetBrains
CVE-2021-37541

6.1 MEDIUM

Key Information:

Vendor: JetBrains
Status: Vendor
CVE Published: 6 August 2021

Summary

An HTML injection vulnerability exists in JetBrains Hub versions prior to 2021.1.13402. It allows an attacker to inject arbitrary HTML into password reset emails and so manipulate their content. The injected markup could deliver unsolicited content that misleads or confuses the recipient and undermines trust in the email communication.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved