In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
CVSS: 4.3 | AI Score: 4.7 | EPSS: 0.0005
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL
CVSS: 6.1 | AI Score: 5.4 | EPSS: 0.0005
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.0005
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image
CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.0004
In JetBrains TeamCity before 2023.11.4 an authentication bypass allowing admin actions to be performed was possible
CVSS: 6.1 | AI Score: 6.8 | EPSS: 0.0005
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
CVSS: 6.8 | AI Score: 6 | EPSS: 0.0005
In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings
CVSS: 5.4 | AI Score: 5.5 | EPSS: 0.001
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1....
CVSS: 9.3 | AI Score: 6.9 | EPSS: 0.001