6.3
CVE-2026-32745
- EPSS 0.1%
- Veröffentlicht 13.03.2026 15:50:04
- Zuletzt bearbeitet 02.04.2026 14:55:21
- Quelle cve@jetbrains.com
- CVE-Watchlists
- Unerledigt
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.011 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.7 | 2.1 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| cve@jetbrains.com | 6.3 | 2.1 | 4.2 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
|
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
The Secure attribute for sensitive cookies in HTTPS sessions is not set.
https://www.jetbrains.com/privacy-security/issues-fixed/