Stored XSS Vulnerability in JetBrains Hub
CVE-2022-29811

6.1 MEDIUM

Key Information:

Vendor: JetBrains
Status
Vendor
CVE Published: 28 April 2022

Summary

A stored Cross-Site Scripting (XSS) vulnerability exists in JetBrains Hub that allows attackers to inject malicious scripts via the project icon. This flaw enables the execution of arbitrary JavaScript code in a user's browser when the project icon is accessed, potentially compromising user data and allowing for various types of attacks. The vulnerability affects versions of JetBrains Hub prior to 2022.1.14638, making it essential for users to update to avoid exploitation.

Affected Version(s)

Hub prior to 2022.1.14638

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Credit

Julian Muñoz