← Back

CVE-2025-24456

nvd nist
Published: Jan 21, 2025Modified: Jan 30, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping

Affected (1)

Products: Jetbrains: Hub
Jetbrains
1 product
Hub
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Hub
Before 2024.3.55417

Related CWEs

CWE-288
Authentication Bypass Using an Alternate Path or Channel
A product requires authentication, but the product has an alternate path or channel that does not require authentication.
CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (1)

Source: cve@jetbrains.com
Vendor Advisory

Timeline

No history available yet.