In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
CVSS: 4.3
AI Score: 4.7
EPSS: 0.0005
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL
CVSS: 6.1
AI Score: 5.4
EPSS: 0.0005
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
CVSS: 5.3
AI Score: 5.3
EPSS: 0.0005
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image
CVSS: 5.5
AI Score: 5.5
EPSS: 0.0004
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
CVSS: 6.1
AI Score: 6.8
EPSS: 0.0005
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
CVSS: 6.8
AI Score: 6
EPSS: 0.0005
In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings
CVSS: 5.4
AI Score: 5.5
EPSS: 0.001
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1....
CVSS: 9.3
AI Score: 6.9
EPSS: 0.001
In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles
CVSS: 5.3
AI Score: 4.8
EPSS: 0.0005
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site
CVSS: 7.5
AI Score: 5.3
EPSS: 0.001
In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows
CVSS: 8.1
AI Score: 6.4
EPSS: 0.001
In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
CVSS: 5.4
AI Score: 3.8
EPSS: 0.0004
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection
CVSS: 5.3
AI Score: 4.6
EPSS: 0.0005
In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings
CVSS: 5.3
AI Score: 5.2
EPSS: 0.0005
In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases
CVSS: 6.5
AI Score: 6.9
EPSS: 0.0005
In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab
CVSS: 5.4
AI Score: 4.7
EPSS: 0.0004
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page
CVSS: 4.8
AI Score: 6
EPSS: 0.0004
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration
CVSS: 9.8
AI Score: 7
EPSS: 0.001
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time
CVSS: 6.5
AI Score: 7
EPSS: 0.0005
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection
CVSS: 7.5
AI Score: 7.2
EPSS: 0.001
In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions
CVSS: 7.8
AI Score: 7.3
EPSS: 0.0004
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
CVSS: 5.4
AI Score: 6
EPSS: 0.0004
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
CVSS: 5.4
AI Score: 6.1
EPSS: 0.0004
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
CVSS: 6.1
AI Score: 6.2
EPSS: 0.0005
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
CVSS: 5.4
AI Score: 6.1
EPSS: 0.0004
In JetBrains IntelliJ IDEA before 2024.1 HTML injection via the project name was possible
CVSS: 6.1
AI Score: 7.5
EPSS: 0.0005
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project
CVSS: 4.3
AI Score: 7.1
EPSS: 0.0004
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
CVSS: 5.3
AI Score: 7.1
EPSS: 0.0005
CVSS: 5.3
AI Score: 7.2
EPSS: 0.0005