so.cl

Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer

CVE-2022-25262 - JetBrains Hub single-click SAML response takeover

PoC + vulnerability details for CVE-2022-25262 | JetBrains Hub single-click SAML response takeover.
The weakness consists of 2 parts:
Usage of OAuth2 authorization code pool for “OAuth2 -> SAML” exchange process.
Authorization code takeover using YouTrack Konnector integration.
CVE-2022-25262 - JetBrains Hub single-click SAML response takeover

Nickname: sizeof(cat)
Job: Consultant, Hacker
PGP key: F273 5495

For a bird born in captivity, flight is a mental illness.