Lucene search

K
cveMitreCVE-2020-11691
HistoryApr 22, 2020 - 2:15 p.m.

CVE-2020-11691

2020-04-2214:15:12
mitre
web.nvd.nist.gov
33
jetbrains
hub
2020.1.12099
content spoofing
oauth
error message
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

35.9%

In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.

Affected configurations

Nvd
Node
jetbrainshubRange<2020.1.12099
VendorProductVersionCPE
jetbrainshub*cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

35.9%

Related for CVE-2020-11691