CVE-2026-32745

In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 4.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.jetbrains.com/privacy-security/issues-fixed/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jetbrains:datalore:*:*:*:*:*:*:*:*

History

02 Apr 2026, 14:55

Type	Values Removed	Values Added
CWE		CWE-319
First Time		Jetbrains Jetbrains datalore
References	~~() https://www.jetbrains.com/privacy-security/issues-fixed/ -~~	() https://www.jetbrains.com/privacy-security/issues-fixed/ - Vendor Advisory
CPE		cpe:2.3:a:jetbrains:datalore::::::::

16 Mar 2026, 14:53

Type	Values Removed	Values Added
Summary		(es) En JetBrains Datalore antes de 2026.1 el secuestro de sesión era posible debido a la falta del atributo seguro para la configuración de cookies.

13 Mar 2026, 19:55

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-13 19:55

Updated : 2026-04-02 14:55

NVD link : CVE-2026-32745

Mitre link : CVE-2026-32745

CVE.ORG link : CVE-2026-32745

JSON object : View

Products Affected

jetbrains

datalore

CWE

CWE-614

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CWE-319

Cleartext Transmission of Sensitive Information

6.3 /10