HIGH🇬🇧 English

CVE-2025-30210

CVSS 8.7v4.0pub. 2025-04-01upd. 2025-09-23

Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content (in this case the Environment name) as raw HTML which then gets injected into DOM on hover. This, combined with loose Content Security Policy restrictions, allowed any valid HTML text containing inline script to get executed on hovering over the respective Environment's name. This vulnerability's attack surface is limited strictly to scenarios where users import collections from untrusted or malicious sources. The exploit requires deliberate action from the user—specifically, downloading and opening an externally provided malicious Bruno or Postman collection export and the user hovers on the environment name. This vulnerability is fixed in 1.39.1.

oryginał EN
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Usebruno Bruno

    APP
    Usebruno
    < 1.39.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-34841CRITICAL9.8PL ✓ten sam produkt

Atak na łańcuch dostaw Bruno via skompromitowany pakiet axios – instalacja RAT

CVE-2025-30354HIGH8.7ten sam produkt

Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expre...

CVE-2024-48463MEDIUM6.5ten sam produkt

Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows...