JETBRAINS:JETBRAINS-SECURITY-BULLETIN-Q3-2019
History: Oct 29, 2019 - 12:00 a.m.

JetBrains Security Bulletin Q3 2019

2019-10-29 00:00:00
JetBrains
blog.jetbrains.com

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 5.9 Medium (Confidence: High)

EPSS: 0.013 Low (Percentile: 85.8%)

Robert Demmer

In the third quarter of 2019, we resolved a series of security issues in our products.

Here’s a summary report that contains a description of each issue and the version in which it was resolved.

| Product | Description | Severity | Resolved in | CVE/CWE |
| --- | --- | --- | --- | --- |
| Hub | Username enumeration was possible through password recovery. (JPS-9655, JPS-9938) | Note | 2019.1.11738 | CVE-2019-18360 |
| IntelliJ IDEA | Local user privilege escalation potentially allowed arbitrary code execution. (IDEA-216623) | Low | 2019.2 | CVE-2019-18361 |
| JetBrains Account | Account removal without re-authentication was possible. (JPF-9611 reported by Siamul Islam) | Moderate | 2019.9 | CWE-306 |
| JetBrains Account | Password reset link was not invalidated during password change through profile. (JPF-9610 reported by Elliot V. Daniel) | Moderate | 2019.8 | CWE-613 |
| MPS | Ports listened to by MPS are exposed to the network. (MPS-30661) | Low | 2019.2.2 | CVE-2019-18362 |
| TeamCity | Access could be gained to the history of builds of a deleted build configuration under some circumstances. (TW-60957) | Moderate | 2019.1.2 | CVE-2019-18363 |
| TeamCity | Insecure Java Deserialization could potentially allow RCE. (TW-61928 reported by Aleksei “GreenDog” Tiurin) | Moderate | 2019.1.4 | CVE-2019-18364 |
| TeamCity | Reverse tabnabbing was possible on several pages. (TW-61323, TW-61725, TW-61726, TW-61646, TW-62123) | Low | 2019.1.4 | CVE-2019-18365 |
| TeamCity | Secure values could be exposed to users with the ‘View build runtime parameters and data’ permission. | Low | 2019.1.2 | CVE-2019-18366 |
| TeamCity | A non-destructive operation could be performed by a user without the corresponding permissions. (TW-61107) | Low | 2019.1.2 | CVE-2019-18367 |
| Toolbox App | Privilege escalation was possible in the JetBrains Toolbox App for Windows. (TBX-3759) | Low | 1.15.5666 | CVE-2019-18368 |
| YouTrack | Sending of arbitrary spam email from a YouTrack instance was possible. (JT-54136, ADM-13823, ADM-34971) | Low | Not applicable | CWE-285 |
| YouTrack | Removing tags from issues list without corresponding permission was possible. (JT-53465) | Low | 2019.2.55152 | CVE-2019-18369 |

If you need any further assistance, please contact our Security Team.

Subscribe to receive the bulletin in your mailbox.

Your JetBrains Team
The Drive to Develop


Affected configurations

Vulners node (entries joined by OR):
jetbrains hub Range <2019.1.11738
jetbrains intellij_idea Range <2019.2
jetbrains scala Range <2019.9 jetbrains
jetbrains scala Range <2019.8 jetbrains
jetbrains mps Range <2019.2.2
jetbrains teamcity Range <2019.1.2
jetbrains teamcity Range <2019.1.4
jetbrains teamcity Range <2019.1.4
jetbrains teamcity Range <2019.1.2
jetbrains teamcity Range <2019.1.2
jetbrains toolbox Range <1.15.5666
jetbrains youtrack Range <2019.2.55152
