CVSS 6.1 | AI Score 4.8 | EPSS 0.001
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient
CVSS 2.3 | AI Score 4.1 | EPSS 0.0004
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible
CVSS 6.9 | AI Score 6.7 | EPSS 0.0004
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible
CVSS 7.7 | AI Score 7.6 | EPSS 0.0004
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible
CVSS 6.9 | AI Score 6.7 | EPSS 0.0004
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible
CVSS 3.2 | AI Score 4.5 | EPSS 0.0004
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed
CVSS 7.1 | AI Score 6.9 | EPSS 0.0004
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible
CVSS 7.7 | AI Score 7.7 | EPSS 0.0004
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible
CVSS 3.5 | AI Score 4.2 | EPSS 0.0004
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible
CVSS 7.7 | AI Score 7.7 | EPSS 0.0004
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible
CVSS 6.1 | AI Score 6 | EPSS 0.001
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible
CVSS 4.9 | AI Score 5.1 | EPSS 0.001
In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.
CVSS 8.7 | AI Score 5.1 | EPSS 0.001
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
CVSS 5.3 | AI Score 5.3 | EPSS 0.001
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases
CVSS 6.5 | AI Score 6.4 | EPSS 0.001
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible
CVSS 7.8 | AI Score 7.7 | EPSS 0.0004
In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed
CVSS 3.6 | AI Score 4.2 | EPSS 0.0004
In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution
CVSS 7.8 | AI Score 7.7 | EPSS 0.0004
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases
CVSS 5.3 | AI Score 5.2 | EPSS 0.001
CVSS 6.1 | AI Score 6.2 | EPSS 0.001
In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases
CVSS 6.5 | AI Score 6.5 | EPSS 0.002
The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking
CVSS 7.8 | AI Score 7.5 | EPSS 0.001
In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable
CVSS 5.3 | AI Score 5.3 | EPSS 0.001
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
CVSS 5.3 | AI Score 5.4 | EPSS 0.001
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings
CVSS 7.5 | AI Score 7.5 | EPSS 0.002
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters
CVSS 7.5 | AI Score 7.5 | EPSS 0.002
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings
CVSS 5.3 | AI Score 5.3 | EPSS 0.001
In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address
CVSS 7.5 | AI Score 7.4 | EPSS 0.001
In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.
CVSS 7.8 | AI Score 7.7 | EPSS 0.0004
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.
CVSS 4 | AI Score 4.1 | EPSS 0.0004
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.
CVSS 6.2 | AI Score 5.5 | EPSS 0.0004
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.
CVSS 5.5 | AI Score 5.5 | EPSS 0.0004
CVSS 7.8 | AI Score 7.6 | EPSS 0.0004
In JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.
CVSS 8.8 | AI Score 8.5 | EPSS 0.002
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
CVSS 5.3 | AI Score 5.3 | EPSS 0.001
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
CVSS 6.6 | AI Score 5.1 | EPSS 0.001
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.
CVSS 7.8 | AI Score 7.6 | EPSS 0.0004
CVSS 9.8 | AI Score 9.4 | EPSS 0.001
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.
CVSS 7.8 | AI Score 7.5 | EPSS 0.0004