In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.
CVSS 8.8 | AI Score 8.6 | EPSS 0.0004
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.
CVSS 7.5 | AI Score 7.4 | EPSS 0.001
In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file
CVSS 3.3 | AI Score 4.3 | EPSS 0.0004
In JetBrains Ktor before 2.3.0 path traversal in the resolveResource method was possible
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
CVSS 9.8 | AI Score 9.3 | EPSS 0.002
CVSS 7.8 | AI Score 7.6 | EPSS 0.0004
In JetBrains TeamCity before 2023.05 a bypass of permission checks allowing admin actions to be performed was possible
CVSS 9.8 | AI Score 9.3 | EPSS 0.003
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
CVSS 4.3 | AI Score 4.6 | EPSS 0.0005
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
CVSS 5.4 | AI Score 5.2 | EPSS 0.0005
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
CVSS 5.4 | AI Score 5.2 | EPSS 0.0005
In JetBrains TeamCity before 2023.05 XSS in the Plugin Vendor URL was possible
CVSS 6.1 | AI Score 5.9 | EPSS 0.0005
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
CVSS 5.3 | AI Score 5.3 | EPSS 0.0005
In JetBrains TeamCity before 2023.05 an open redirect during OAuth configuration was possible
CVSS 4.8 | AI Score 5.2 | EPSS 0.0005
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
CVSS 5.4 | AI Score 5.2 | EPSS 0.0005
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
CVSS 6.1 | AI Score 5.9 | EPSS 0.0005
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
CVSS 7.5 | AI Score 7.4 | EPSS 0.001
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
CVSS 6.5 | AI Score 6.6 | EPSS 0.0005
In JetBrains TeamCity before 2023.05 stored XSS in the GitLab Connection page was possible
CVSS 5.4 | AI Score 5 | EPSS 0.0005
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
CVSS 3.3 | AI Score 4.2 | EPSS 0.0004
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible
CVSS 5.4 | AI Score 5.2 | EPSS 0.0005
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations
CVSS 6.5 | AI Score 6.4 | EPSS 0.001
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
CVSS 6.5 | AI Score 6.4 | EPSS 0.001
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
CVSS 6.5 | AI Score 6.4 | EPSS 0.001
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms
CVSS 7.3 | AI Score 7.2 | EPSS 0.001
In JetBrains IntelliJ IDEA before 2023.1.4 the license dialog could be suppressed in certain cases
CVSS 3.3 | AI Score 4.2 | EPSS 0.0004
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access
CVSS 8.8 | AI Score 8.7 | EPSS 0.001
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible
CVSS 6.1 | AI Score 6 | EPSS 0.001
In JetBrains IntelliJ IDEA before 2023.2 the plugin for Space was requesting excessive permissions
CVSS 7.8 | AI Score 7.6 | EPSS 0.0004
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible while copying a Build Step
CVSS 6.1 | AI Score 6 | EPSS 0.001
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration
CVSS 6.1 | AI Score 6 | EPSS 0.001
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
CVSS 9.8 | AI Score 9.4 | EPSS 0.001
CVSS 9.1 | AI Score 9.2 | EPSS 0.001
CVSS 8.8 | AI Score 8.6 | EPSS 0.001
In JetBrains YouTrack before 2023.3.22268 the authorization check for inline comments inside thread replies was missing
CVSS 4.3 | AI Score 4.8 | EPSS 0.0004
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration
CVSS 9.8 | AI Score 9.5 | EPSS 0.001
CVSS 5.4 | AI Score 5.2 | EPSS 0.0004
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missing
CVSS 5.3 | AI Score 5.3 | EPSS 0.0005
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible
CVSS 5.4 | AI Score 5.2 | EPSS 0.0004
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
CVSS 5.3 | AI Score 5.3 | EPSS 0.0005
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible
CVSS 5.3 | AI Score 5.3 | EPSS 0.0005