In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient checks when getting the project from VCS.
7.8CVSS
7.7AI Score
0.0004EPSS
In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS.
7.8CVSS
7.7AI Score
0.0004EPSS
In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure.
7.5CVSS
7.2AI Score
0.002EPSS
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly.
7.5CVSS
7.5AI Score
0.002EPSS
In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation.
7.5CVSS
7.5AI Score
0.001EPSS
In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.
9.8CVSS
9.7AI Score
0.005EPSS
7.5CVSS
7.5AI Score
0.002EPSS
In JetBrains Code With Me bundled to the compatible IDEs before version 2021.1, the client could execute code in read-only mode.
8.8CVSS
8.7AI Score
0.001EPSS
In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host.
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group.
7.5CVSS
7.7AI Score
0.001EPSS
In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.
7.5CVSS
7.5AI Score
0.001EPSS
In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS.
6.1CVSS
6.2AI Score
0.001EPSS
In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.
6.1CVSS
6AI Score
0.001EPSS
In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.
7.5CVSS
7.2AI Score
0.002EPSS
In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.
2.7CVSS
4.1AI Score
0.001EPSS
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.
5.3CVSS
5.4AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
9.8CVSS
9.8AI Score
0.007EPSS
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
7.5CVSS
7.2AI Score
0.002EPSS
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.
6.1CVSS
6AI Score
0.001EPSS
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.
8.8CVSS
8.7AI Score
0.002EPSS
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.
7.5CVSS
7.6AI Score
0.002EPSS
In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.
9.8CVSS
9.6AI Score
0.005EPSS
In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.
9.8CVSS
9.9AI Score
0.007EPSS
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
9.8CVSS
9.5AI Score
0.002EPSS
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.
6.5CVSS
6.4AI Score
0.001EPSS
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
6.1CVSS
6.4AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects.
8.8CVSS
8.9AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.01EPSS
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.
7.5CVSS
7.7AI Score
0.001EPSS
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.
7.5CVSS
7.4AI Score
0.002EPSS
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.
9.1CVSS
9.1AI Score
0.002EPSS
7.5CVSS
7.5AI Score
0.001EPSS
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
5.3CVSS
5.3AI Score
0.001EPSS
5.4CVSS
5.1AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.002EPSS
In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.
4.3CVSS
4.6AI Score
0.001EPSS
In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.
7.5CVSS
7.2AI Score
0.002EPSS
6.1CVSS
5.9AI Score
0.001EPSS
7.5CVSS
7.4AI Score
0.001EPSS
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.
9.8CVSS
9.5AI Score
0.003EPSS
5.4CVSS
5.2AI Score
0.001EPSS
9.8CVSS
9.6AI Score
0.002EPSS
5.4CVSS
5.4AI Score
0.001EPSS
In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information.
5.3CVSS
5AI Score
0.001EPSS