yuriisanin/README.md

Hi there 👋


Cheatsheets (1)

Findings (9)

| Name | Product | CWE | Severity |
|---|---|---|---|
| Disclosure of built-in OAuth2 connectors' secrets (TCC-346) | JetBrains TeamCity (Cloud) | CWE-522 | High |
| Session takeover via OAuth client manipulation (TCC-347, TCC-349, TCC-351) | JetBrains TeamCity (Cloud) | CWE-345 | High |
| Session takeover using open redirect misconfiguration (TCC-348) | JetBrains TeamCity (Cloud) | CWE-601 | High |
| VCS credentials disclosure via repository URL manipulation (TCC-355, TCC-358) | JetBrains TeamCity (Cloud) | CWE-522 | Medium |
| Session takeover using an open redirect in OAuth integration | JetBrains TeamCity (Cloud) | CWE-601 | High |
| JWT token takeover using an open redirect misconfiguration | JetBrains Datalore | CWE-601 | High |
| Path Traversal allows local file reading | JetBrains Marketplace | CWE-22 | High |
| Blind Server-Side Request Forgery (SSRF) via calendar import | JetBrains Space | CWE-918 | Medium |
CVEs (19)

| CVE | Product | CWE | Severity |
|---|---|---|---|
| CVE-2022-45771 | PwnDoc | CWE-? | 8.8 / High |
| CVE-2022-45026 | MPE | CWE-78 | 9.8 / Critical |
| CVE-2022-45025 | MPE | CWE-78 | 9.8 / Critical |
| CVE-2022-34894 | JetBrains Hub | CWE-284 | 5.3 / Medium |
| CVE-2022-25262 | JetBrains Hub | CWE-287 | 9.8 / Critical |
| CVE-2022-25260 | JetBrains Hub | CWE-918 | 9.1 / Critical |
| CVE-2022-25259 | JetBrains Hub | CWE-79 | 6.1 / Medium |
| CVE-2022-24347 | JetBrains Hub | CWE-79 | 5.4 / Medium |
| CVE-2022-24342 | JetBrains TeamCity | CWE-352 | 8.8 / High |
| CVE-2022-24339 | JetBrains TeamCity | CWE-79 | 5.4 / Medium |
| CVE-2022-24328 | JetBrains Hub | CWE-841 | 6.5 / Medium |
| CVE-2022-24327 | JetBrains Hub | CWE-732 | 7.5 / High |
| CVE-2021-25765 | JetBrains YouTrack | CWE-352 | 8.8 / High |
| CVE-2020-27626 | JetBrains YouTrack | CWE-918 | 5.3 / Medium |
| CVE-2020-27624 | JetBrains YouTrack | CWE-918 | 5.3 / Medium |
| CVE-2020-25209 | JetBrains YouTrack | CWE-639 | 7.5 / High |
| CVE-2020-24618 | JetBrains YouTrack | CWE-639 | 6.5 / Medium |
| CVE-2020-15823 | JetBrains YouTrack | CWE-918 | 7.5 / High |
| CVE-2020-15822 | JetBrains YouTrack | CWE-918 | 7.3 / High |

Pinned

1. CVE-2022-45025 (Public): [PoC] Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)
2. CVE-2022-24342 (Public, Python): PoC for CVE-2022-24342: account takeover via CSRF in GitHub authentication
3. svg2raster-cheatsheet (Public): A cheatsheet for exploiting server-side SVG rasterization.
4. CVE-2022-25262 (Public, Python): PoC + vulnerability details for CVE-2022-25262 / JetBrains Hub single-click SAML response takeover
5. CVE-2022-25260 (Public, Python): PoC for CVE-2022-25260: pre-auth semi-blind SSRF in JetBrains Hub