PT-2024-4818 · Jetbrains · Jetbrains Hub

Published

2024-06-18

Updated

2024-08-23

CVE-2024-38507

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: JetBrains Hub versions prior to 2024.2.34646

Description: The issue is related to stored XSS via project description, which could allow a remote attacker to conduct a cross-site scripting attack. This is due to the lack of protection measures for the web page structure.

Recommendations: For versions prior to 2024.2.34646, update to version 2024.2.34646 or later to resolve the issue. As a temporary workaround, consider restricting the ability to edit project descriptions to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2024-05342

CVE-2024-38507

Affected Products

Jetbrains Hub

PT-2024-4818 · Jetbrains · Jetbrains Hub

CVE-2024-38507

Weakness Enumeration

Related Identifiers

Affected Products

References · 5