Space
CVE-2020-11795
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
In JetBrains Space through 2020-04-22, the session timeout period was configured improperly.
AnalysisAI
In JetBrains Space through 2020-04-22, the session timeout period was configured improperly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-613. In JetBrains Space through 2020-04-22, the session timeout period was configured improperly. Affected products include: Jetbrains Space. Version information: through 2020.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
In JetBrains Space through 2020-04-22, the password authentication implementation was insecure. Rated critical severity
JetBrains Space through 2020-04-22 allows stored XSS in Chats. Rated medium severity (CVSS 5.4), this vulnerability is r
Same weakness CWE-613 – Insufficient Session Expiration
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today