Jetbrains Security Vulnerabilities
In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.
5.3CVSS
5.3AI Score
0.001EPSS
6.5CVSS
6.5AI Score
0.001EPSS
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.
5.3CVSS
5.2AI Score
0.001EPSS
JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances.
7.5CVSS
7.3AI Score
0.002EPSS
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.
5.3CVSS
5.3AI Score
0.001EPSS
5.3CVSS
5.3AI Score
0.001EPSS
6.1CVSS
6.5AI Score
0.001EPSS
4.3CVSS
4.6AI Score
0.001EPSS
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
5.3CVSS
5.2AI Score
0.001EPSS
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.
7.5CVSS
7.4AI Score
0.002EPSS
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.
7.5CVSS
7.4AI Score
0.001EPSS
In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS.
7.4CVSS
7.4AI Score
0.002EPSS
Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network.
7.5CVSS
7.5AI Score
0.002EPSS
In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3.
7.5CVSS
7.5AI Score
0.002EPSS
In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections.
7.5CVSS
7.5AI Score
0.002EPSS
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
4.3CVSS
4.7AI Score
0.001EPSS
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
7.5CVSS
7.5AI Score
0.002EPSS
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
5.4CVSS
5.1AI Score
0.001EPSS
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.
6.1CVSS
6.2AI Score
0.001EPSS
In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.
5.3CVSS
5.3AI Score
0.001EPSS
JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.
6.1CVSS
5.9AI Score
0.001EPSS
In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.
7.5CVSS
7.4AI Score
0.002EPSS
In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic.
2.5CVSS
4AI Score
0.001EPSS
In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS.
5.3CVSS
5.4AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.001EPSS
In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution.
7.8CVSS
7.7AI Score
0.0004EPSS
In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.
6.5CVSS
6.4AI Score
0.001EPSS
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.
5.3CVSS
5.1AI Score
0.001EPSS
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
5.3CVSS
5.2AI Score
0.001EPSS
5.3CVSS
5.3AI Score
0.001EPSS
5.3CVSS
5.3AI Score
0.001EPSS
5.3CVSS
5.4AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS
In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.
5.3CVSS
5.4AI Score
0.001EPSS
In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.
5.3CVSS
5.5AI Score
0.001EPSS
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.
5.3CVSS
5.4AI Score
0.001EPSS
In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.
7.5CVSS
7.4AI Score
0.001EPSS
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
9.8CVSS
9.6AI Score
0.012EPSS
In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.
4.3CVSS
4.5AI Score
0.001EPSS
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
5.3CVSS
5.3AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.
4.3CVSS
4.6AI Score
0.001EPSS
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.
3.8CVSS
4.5AI Score
0.001EPSS
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
7.5CVSS
7.4AI Score
0.002EPSS
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
5.3CVSS
5.4AI Score
0.001EPSS
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.
5.3CVSS
5.3AI Score
0.001EPSS
Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions.
3.3CVSS
3.9AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.001EPSS