PoC + vulnerability details for CVE-2022-25262 | JetBrains Hub single-click SAML response takeover.
The weakness consists of 2 parts:
- Use of the OAuth2 authorization code pool for the “OAuth2 -> SAML” exchange process.
- Authorization code takeover using the YouTrack Konnector integration.
"Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others' company." Arthur Schopenhauer