JebrainsJETBRAINS:JETBRAINS-SECURITY-BULLETIN-Q1-2019JetBrains Security Bulletin Q1 2019
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
0.014 Low
EPSS
Percentile
86.3%
FYI Security
JetBrains Security Bulletin Q1 2019
This bulletin summarizes the security vulnerabilities detected in JetBrains products and remediated in the first quarter of 2019.
These include issues reported by Jonathan Leitschuh potentially exposing a product user or a projectโs infrastructure to man-in-the-middle attacks, namely
- resolving Gradle, Maven, and sbt project artifacts over an unencrypted connection in various projects; and
- generating project templates in an IDE causing the above-mentioned issue in a userโs project.
Weโve also run extended verification of the secret storage mechanism in our IDEsโ settings, and identified and fixed several cases of cleartext secret storage.
Hereโs a summary report that comprises the affected product, the description of each issue, its severity, and the product version containing the fix.
| Product | Description | Severity | Resolved in | CVE/CWE |
|---|---|---|---|---|
| CLion | The suggested WSL configuration exposed a local SSH server to the internal network (CPP-15063) | Moderate | No fix versions | CWE-276 |
| Documentation | JetBrains GitHub repositories had a world-editable wiki.(DOC-6532) Reported by Bogdan Gagea | Moderate | No fix versions | CWE-732 |
| Hub | A user password could appear in the audit events for certain server settings (JPS-7895) | High | 2018.4.11298 | CVE-2019-12847 |
| IntelliJ IDEA | The default configuration for Spring Boot apps was not secure (IDEA-204439) | High | 2018.3.4, 2019.1 | CVE-2019-9186 |
| IntelliJ IDEA | The application server configuration allowed cleartext storage of secrets (IDEA-201519, IDEA-202483, IDEA-203271) | High | 2018.1.8, 2018.2.8, 2018.3.5, 2019.1 | CVE-2019-9872 |
| IntelliJ IDEA | The implementation of storage in the KeePass database was not secure (IDEA-200066) | Low | 2018.3, 2019.1 | CWE-922 |
| IntelliJ IDEA | A certain application server configuration allowed cleartext storage of secrets (IDEA-199911) | Low | 2018.3 | CWE-317 |
| IntelliJ IDEA | A certain application server configuration allowed cleartext storage of secrets (IDEA-203613) | Moderate | 2018.1.8, 2018.2.8, 2018.3.5 | CVE-2019-9823 |
| IntelliJ IDEA | A certain remote server configurations allowed cleartext storage of secrets (IDEA-203272, IDEA-203260, IDEA-206556, IDEA-206557) | High | 2019.1 | CVE-2019-9873 |
| IntelliJ IDEA | The run configuration of certain application servers allowed remote code execution while running the server with the default settings (IDEA-204570) | High | 2018.3.7, 2018.1.8, 2018.2.8, 2018.3.4 | CVE-2019-10103, CVE-2019-10104 |
| JetBrains Account | An open redirect vulnerability via the backUrl parameter was detected (JPF-8899) | Moderate | No fix version | CWE-601 |
| JetBrains Account | An open redirect vulnerability via the backUrl parameter was detected (JPF-8899) | Moderate | No fix version | CWE-444 |
| Kotlin | The JetBrains Kotlin project was resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. | Moderate | 1.3.30 | CVE-2019-10101 |
| Kotlin Plugin | IntelliJ IDEA projects created using the Kotlin IDE template were resolving artifacts using an http connection, potentially allowing an MITM attack. | Moderate | 1.3.30 | CVE-2019-10102 |
| Plugin Marketplace | Some HTTP Security Headers were missing (MP-2004) | Moderate | No fix version | CWE-693 |
| Plugin Marketplace | A reflected XSS was detected (MP-2001) | Moderate | No fix version | CWE-79 |
| Plugin Marketplace | A CSRF vulnerability was detected (MP-2002) | Moderate | No fix version | CWE-352 |
| PyCharm | A certain remote server configuration allowed cleartext storage of secrets (PY-32885) | Moderate | 2018.3.2 | CWE-209 |
| TeamCity | A possible stored JavaScript injection was detected (TW-59419) | Moderate | 2018.2.3 | CVE-2019-12844 |
| TeamCity | The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts (TW-59379) | Moderate | 2018.2.3 | CVE-2019-12845 |
| TeamCity | A possible stored JavaScript injection requiring a deliberate server administrator action was detected (TW-55640) | Moderate | 2018.2.3 | CVE-2019-12843 |
| TeamCity | Incorrect handling of user input in ZIP extraction (TW-57143) | Moderate | 2018.2.2 | CVE-2019-12841 |
| TeamCity | A reflected XSS on a user page was detected (TW-58661) | Moderate | 2018.2.2 | CVE-2019-12842 |
| TeamCity | A user without the required permissions could gain access to some settings (TW-58571) | Moderate | 2018.2.2 | CVE-2019-12846 |
| YouTrack | An SSRF attack was possible on a YouTrack server (JT-51121) | High | 2018.4.49168 | CVE-2019-12852 |
| YouTrack | An Insecure Direct Object Reference was possible (JT-51103) | Low | 2018.4.49168 | CVE-2019-12866 |
| YouTrack | Certain actions could cause privilege escalation for issue attachments (JT-51080) | Moderate | 2018.4.49168 | CVE-2019-12867 |
| YouTrack | A query injection was possible (JT-51105) | Low | 2018.4.49168 | CVE-2019-12850 |
| YouTrack Licensing | An unauthorized disclosure of license details to an attacker #2 was possible (JT-51117) | Low | No fix version | CWE-284 |
| YouTrack Licensing | A reflected XSS was detected (JT-51074) | Low | No fix version | CWE-79 |
| YouTrack | A CSRF vulnerability was detected in one of admin endpoints (JT-51110) | Moderate | 2018.4.49852 | CVE-2019-12851 |
| YouTrack Confluence Integration Plugin | The YouTrack Confluence plugin allowed the SSTI vulnerability (JT-51594) | Moderate | 1.8.1.3 | CVE-2019-10100 |
If you need any further assistance, please contact our Security Team.
Subscribe to receive the bulletin in your mailbox.
Your JetBrains Team
The Drive to Develop
security bulletin
SpringShell Vulnerability in JetBrains Products and Services Next post
Subscribe to JetBrains Blog updates
Subscribe form
By submitting this form, I agree to the JetBrains Privacy Policy Notification icon
By submitting this form, I agree that JetBrains s.r.o. (โJetBrainsโ) may use my name, email address, and location data to send me newsletters, including commercial communications, and to process my personal data for this purpose. I agree that JetBrains may process said data using third-party services for this purpose in accordance with the JetBrains Privacy Policy. I understand that I can revoke this consent at any time in my profile. In addition, an unsubscribe link is included in each email.
Submit
Thanks, weโve got you!
Affected configurations
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
0.014 Low
EPSS
Percentile
86.3%