Light

yuriisanin / cve-2022-25260 Goto Github PK

View Code? Open in Web Editor NEW

4.0 1.0 3.0 527 KB

PoC for CVE-2022-25260: pre-auth semi-blind SSRF in JetBrains Hub

Python 100.00%

exploit jetbrains vulnerability cve jetbrains-hub ssrf cve-2022-25260

cve-2022-25260's Introduction

Hi there 👋

Cheatsheets (1)

Exploiting Server-Side rasterization (svg2raster-cheatsheet)

Findings (9)

Name	Product	CWE	Severity
Disclosure of built-in OAuth2 connectors' secrets. (TCC-346)	JetBrains TeamCity (Cloud)	CWE-522	High
Session takeover via OAuth client manipulation. (TCC-347, TCC-349, TCC-351)	JetBrains TeamCity (Cloud)	CWE-345	High
Session takeover using open redirect misconfiguration. (TCC-348)	JetBrains TeamCity (Cloud)	CWE-601	High
VCS credentials disclosure via repository URL manipulation. (TCC-355, TCC-358)	JetBrains TeamCity (Cloud)	CWE-522	Medium
Session takeover using an open redirect in OAuth integration	JetBrains TeamCity (Cloud)	CEW-601	High
JWT token takeover using a open redirect misconfiguration	JetBrains Datalore	CWE-601	High
Path Traversal allows local file reading	JetBrains Marketplace	CWE-22	High
Blind Server-Side Request Forgery (SSRF) via calendar import	JetBrains Space	CWE-918	Medium

CVEs (19)

CVE	Product	CWE	Severity
CVE-2022-45771	PwnDoc	CWE-?	8.8 / High
CVE-2022-45026	MPE	CWE-78	9.8 / Critical
CVE-2022-45025	MPE	CWE-78	9.8 / Critical
CVE-2022-34894	JetBrains Hub	CWE-284	5.3 / Medium
CVE-2022-25262	JetBrains Hub	CWE-287	9.8 / Critical
CVE-2022-25260	JetBrains Hub	CWE-918	9.1 / Critical
CVE-2022-25259	JetBrains Hub	CWE-79	6.1 / Medium
CVE-2022-24347	JetBrains Hub	CWE-79	5.4 / Medium
CVE-2022-24342	JetBrains TeamCity	CWE-352	8.8 / High
CVE-2022-24339	JetBrains TeamCity	CWE-79	5.4 / Medium
CVE-2022-24328	JetBrains Hub	CWE-841	6.5 / Medium
CVE-2022-24327	JetBrains Hub	CWE-732	7.5 / High
CVE-2021-25765	JetBrains YouTrack	CWE-352	8.8 / High
CVE-2020-27626	JetBrains YouTrack	CWE-918	5.3 / Medium
CVE-2020-27624	JetBrains YouTrack	CWE-918	5.3 / Medium
CVE-2020-25209	JetBrains YouTrack	CWE-639	7.5 / High
CVE-2020-24618	JetBrains YouTrack	CWE-639	6.5 / Medium
CVE-2020-15823	JetBrains YouTrack	CWE-918	7.5 / High
CVE-2020-15822	JetBrains YouTrack	CWE-918	7.3 / High

cve-2022-25260's People

Contributors

Stargazers

Watchers

Forkers

polling-repo-continua 5l1v3r1 726232111

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.