11 matches found
CVE-2020-25207
CVE-2020-25207 affects JetBrains Toolbox prior to version 1.18. The vulnerability enables remote code execution via a browser protocol handler, with CVSS 3.1 base score 9.8 (CRITICAL). Connected documents confirm the issue and vector but do not specify a patched version; no exploitation details a...
CVE-2019-18368
JetBrains Toolbox App for Windows is affected (before version 1.15.5666) by a privilege-escalation vulnerability (CVE-2019-18368). The Red Hat, CNVD, and NVD entries corroborate the issue; JetBrains’ Q3-2019 security bulletin confirms Toolbox Privilege escalation resolved in 1.15.5666. Root cause...
CVE-2020-25013
CVE-2020-25013 : JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service through a browser protocol handler. The issue arises in the tool’s handling of browser protocol links, allowing a DoS condition. Connected sources corroborate the vendor advisory and related security bulle...
CVE-2019-14959
JetBrains Toolbox before 1.15.5605 resolves an internal URL over cleartext HTTP, enabling potential exposure of data via a MITM-like scenario (CONF: partial confidentiality). The issue is documented across multiple sources (NVD entry CVE-2019-14959; Red Hat and Microsoft advisories; JetBrains Sec...
CVE-2024-24943
CVE-2024-24943 affects JetBrains Toolbox App prior to 2.2. Affected component: parsing/rendering of SVG images, with root cause described as a DoS in a malicious SVG image leading to availability impact. Reported impact: availability loss (DoS) with no confidentiality/integrity impact per sources...
CVE-2022-48481
JetBrains Toolbox App (macOS) prior to version 1.28 is affected by a vulnerability allowing DYLIB injection. Root cause: dylib loading/injection path on macOS leads to potential tampering. Impact: supports potential malicious activity, with confidentiality/integrity/availability concerns noted in...
CVE-2025-43013
JetBrains Toolbox App prior to version 2.6 is affected by CVE-2025-43013 due to unencrypted credential transmission during SSH authentication. The issue is documented across multiple sources (Red Hat, NVD, CNVD, Nessus plugin, and PT Security) and is tied specifically to the SSH plugin’s handling...
CVE-2025-43014
CVE-2025-43014 affects JetBrains Toolbox App prior to 2.6, specifically the SSH plugin, which established connections without sufficient user confirmation. The available connected documents confirm this vulnerability exists in versions before 2.6 and describe the issue as a lack of proper user va...
CVE-2025-43012
JetBrains Toolbox App prior to version 2.6 is affected by a vulnerability in the SSH plugin that enables command injection due to improper input handling. Reported as CVE-2025-43012, the issue can permit arbitrary code execution with network access and no user interaction required, as reflected b...
CVE-2020-15827
JetBrains Toolbox 1.17 before 1.17.6856 had a signature verification issue: the set of verifications omitted the jetbrains-toolbox.exe. This concerns integrity checks. Remediation: upgrade to 1.17.6856 or newer per the JetBrains Security Bulletin Q2 2020.
CVE-2025-42921
JetBrains Toolbox App has a CVE-2025-42921 vulnerability affecting versions prior to 2.6, caused by missing host key verification in the SSH plugin. Multiple connected sources corroborate that the SSH plugin’s host key verification is absent, enabling potential subversion of SSH authenticity. Aff...