Reflected XSS Vulnerability in JetBrains Hub by JetBrains
CVE-2022-25259

6.1MEDIUM

Key Information:

Vendor
Jetbrains
Status
Hub
Vendor
CVE Published:
25 February 2022

Summary

JetBrains Hub versions prior to 2021.1.14276 are susceptible to a reflected cross-site scripting (XSS) vulnerability. This flaw could allow an attacker to inject malicious scripts into web pages viewed by unsuspecting users, potentially compromising sensitive data and user sessions. Users are encouraged to upgrade to the latest version to mitigate the risk and enhance their application's security.

References

https://blog.jetbrains.com
x_refsource_MISC
https://www.jetbrains.com/privacy-security/issues-fixed/
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.