JetBrains Toolbox App SSH Plugin Host Key Verification Vulnerability

Vulnerability

A vulnerability exists in the JetBrains Toolbox App SSH plugin prior to version 2.6, where host key verification was not properly implemented. Because the plugin accepted any SSH host key without validation, this flaw could potentially be exploited to perform man-in-the-middle attacks.
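The check an SSH client is expected to make before trusting a server, as an added example that is not JetBrains' code and not part of the original advisory. It assumes an OpenSSH-style known_hosts trust store with plain and hashed host entries only; the host names, salt and key blobs are constructed placeholders.

```python
import base64
import hashlib
import hmac

# Constructed sample data: placeholder bytes, not real SSH public keys.
PINNED_KEY = base64.b64encode(b"constructed-pinned-host-key").decode()
OTHER_KEY = base64.b64encode(b"constructed-substituted-key").decode()

def hashed_host(host, salt):
    """Build a HashKnownHosts-style '|1|salt|hash' field for the sample file."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts content",
    "build.example.test,192.0.2.10 ssh-ed25519 " + PINNED_KEY,
    hashed_host("dev.example.test", b"constructed-salt-20b") + " ssh-ed25519 " + PINNED_KEY,
])

def host_matches(host_field, host):
    """Match a host against a plain (comma-separated) or hashed host field."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = host_field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return mac == base64.b64decode(mac_b64)
    return host in host_field.split(",")

def verify_host_key(known_hosts_text, host, key_type, key_b64):
    """Return 'match', 'mismatch' or 'unknown' for the key a server presented."""
    verdict = "unknown"
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blanks, comments; marker lines are out of scope here
        if host_matches(fields[0], host) and fields[1] == key_type:
            if fields[2] == key_b64:
                return "match"
            verdict = "mismatch"  # host is pinned to a different key
    return verdict

def may_connect(verdict):
    """Strict policy. Accepting any key amounts to returning True here."""
    return verdict == "match"

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint, for showing an unknown key to the user."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
```

A `mismatch` verdict is the case a man-in-the-middle produces and must stop the connection; `unknown` should be resolved by the user comparing the fingerprint out of band, not by silent acceptance.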

Impact

The lack of host key verification in the SSH plugin could lead to man-in-the-middle attacks, allowing an attacker to intercept and potentially alter communications between the user and the SSH server.

Remediation

Users can update to JetBrains Toolbox App version 2.6 or later, where this vulnerability has been addressed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 10.0
exploitability: 4.7
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.