Jetbrains Security Vulnerabilities


CVE-2022-29811

In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.

6.1 CVSS

4.8 AI Score

0.001 EPSS

2022-04-28 10:15 AM

CVE-2022-29812

In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient

2.3 CVSS

4.1 AI Score

0.0004 EPSS

2022-04-28 10:15 AM

CVE-2022-29813

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible

6.9 CVSS

6.7 AI Score

0.0004 EPSS

2022-04-28 10:15 AM

CVE-2022-29814

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible

7.7 CVSS

7.6 AI Score

0.0004 EPSS

2022-04-28 10:15 AM

CVE-2022-29815

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible

6.9 CVSS

6.7 AI Score

0.0004 EPSS

2022-04-28 10:15 AM

CVE-2022-29816

In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible

3.2 CVSS

4.5 AI Score

0.0004 EPSS

2022-04-28 10:15 AM

CVE-2022-29817

In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-04-28 10:15 AM

CVE-2022-29818

In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed

7.1 CVSS

6.9 AI Score

0.0004 EPSS

2022-04-28 10:15 AM

CVE-2022-29819

In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible

7.7 CVSS

7.7 AI Score

0.0004 EPSS

2022-04-28 10:15 AM

CVE-2022-29820

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible

3.5 CVSS

4.2 AI Score

0.0004 EPSS

2022-04-28 10:15 AM

CVE-2022-29821

In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible

7.7 CVSS

7.7 AI Score

0.0004 EPSS

2022-04-28 10:15 AM

CVE-2022-29927

In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible

6.1 CVSS

6 AI Score

0.001 EPSS

2022-05-12 09:15 AM

CVE-2022-29928

In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible

4.9 CVSS

5.1 AI Score

0.001 EPSS

2022-05-12 09:15 AM

CVE-2022-29929

In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-05-12 09:15 AM

CVE-2022-29930

SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.

8.7 CVSS

5.1 AI Score

0.001 EPSS

2022-05-12 09:15 AM

CVE-2022-34894

In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services

5.3 CVSS

5.3 AI Score

0.001 EPSS

2022-07-01 10:15 AM

CVE-2022-36321

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases

6.5 CVSS

6.4 AI Score

0.001 EPSS

2022-07-20 01:15 PM

CVE-2022-36322

In JetBrains TeamCity before 2022.04.2 build parameter injection was possible

8.8 CVSS

8.8 AI Score

0.001 EPSS

2022-07-20 01:15 PM

CVE-2022-37009

In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2022-07-28 11:15 AM

CVE-2022-37010

In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missing

3.6 CVSS

4.2 AI Score

0.0004 EPSS

2022-07-28 11:15 AM

CVE-2022-37396

In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2022-08-03 04:15 PM

CVE-2022-38133

In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases

5.3 CVSS

5.2 AI Score

0.001 EPSS

2022-08-10 04:15 PM

CVE-2022-38179

JetBrains Ktor before 2.1.0 was vulnerable to the Reflected File Download attack

6.1 CVSS

6.2 AI Score

0.001 EPSS

2022-08-12 10:15 AM

CVE-2022-38180

In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases

6.5 CVSS

6.5 AI Score

0.002 EPSS

2022-08-12 10:15 AM

CVE-2022-40978

The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking

7.8 CVSS

7.5 AI Score

0.001 EPSS

2022-09-19 04:15 PM

CVE-2022-40979

In JetBrains TeamCity before 2022.04.4 environment variables of "password" type could be logged when using a custom Perforce executable

5.3 CVSS

5.3 AI Score

0.001 EPSS

2022-09-23 11:15 AM

CVE-2022-44622

In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive

5.3 CVSS

5.4 AI Score

0.001 EPSS

2022-11-03 02:15 PM

CVE-2022-44623

In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings

7.5 CVSS

7.5 AI Score

0.002 EPSS

2022-11-03 02:15 PM

CVE-2022-44624

In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters

7.5 CVSS

7.5 AI Score

0.002 EPSS

2022-11-03 02:15 PM

CVE-2022-44646

In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings

5.3 CVSS

5.3 AI Score

0.001 EPSS

2022-11-03 02:15 PM

CVE-2022-45471

In JetBrains Hub before 2022.3.15181 throttling was missing when sending emails to a particular email address

7.5 CVSS

7.4 AI Score

0.001 EPSS

2022-11-18 03:15 PM

CVE-2022-46824

In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2022-12-08 06:15 PM

CVE-2022-46825

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.

4 CVSS

4.1 AI Score

0.0004 EPSS

2022-12-08 06:15 PM

CVE-2022-46826

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.

6.2 CVSS

5.5 AI Score

0.0004 EPSS

2022-12-08 06:15 PM

CVE-2022-46827

In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.

5.5 CVSS

5.5 AI Score

0.0004 EPSS

2022-12-08 06:15 PM

CVE-2022-46828

In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.

7.8 CVSS

7.6 AI Score

0.0004 EPSS

2022-12-08 06:15 PM

CVE-2022-46829

In JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.

8.8 CVSS

8.5 AI Score

0.002 EPSS

2022-12-08 06:15 PM

CVE-2022-46830

In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.

5.3 CVSS

5.3 AI Score

0.001 EPSS

2022-12-08 06:15 PM

CVE-2022-46831

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

6.6 CVSS

5.1 AI Score

0.001 EPSS

2022-12-08 06:15 PM

CVE-2022-47895

In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.

7.5 CVSS

7.5 AI Score

0.001 EPSS

2022-12-22 11:15 AM

CVE-2022-47896

In JetBrains IntelliJ IDEA before 2022.3.1 code templates were vulnerable to SSTI attacks.

7.8 CVSS

7.6 AI Score

0.0004 EPSS

2022-12-22 11:15 AM

CVE-2022-48342

In JetBrains TeamCity before 2022.10.2 JVMTI was enabled by default on agents.

9.8 CVSS

9.4 AI Score

0.001 EPSS

2023-02-23 04:15 PM

CVE-2022-48343

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

6.1 CVSS

5.9 AI Score

0.001 EPSS

2023-02-23 04:15 PM

CVE-2022-48344

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.

6.1 CVSS

5.9 AI Score

0.001 EPSS

2023-02-23 04:15 PM

CVE-2022-48426

In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible

5.4 CVSS

5.2 AI Score

0.001 EPSS

2023-03-27 04:15 PM

CVE-2022-48427

In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible

5.4 CVSS

5.2 AI Score

0.001 EPSS

2023-03-27 05:15 PM

CVE-2022-48428

In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible

5.4 CVSS

5.2 AI Score

0.001 EPSS

2023-03-27 05:15 PM

CVE-2022-48429

In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible

5.4 CVSS

5.2 AI Score

0.001 EPSS

2023-03-27 04:15 PM

CVE-2022-48430

In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-03-29 01:15 PM

CVE-2022-48431

In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.

7.8 CVSS

7.5 AI Score

0.0004 EPSS

2023-03-29 01:15 PM

Total number of security vulnerabilities: 359