Lucene search
+L
JetbrainsToolbox

11 matches found

CVE
CVE
added 2020/11/16 3:1 p.m.173 views

CVE-2020-25207

CVE-2020-25207 affects JetBrains Toolbox prior to version 1.18. The vulnerability enables remote code execution via a browser protocol handler, with CVSS 3.1 base score 9.8 (CRITICAL). Connected documents confirm the issue and vector but do not specify a patched version; no exploitation details a...

10CVSS9.5AI score0.04379EPSS
CVE
CVE
added 2019/10/31 3:24 p.m.170 views

CVE-2019-18368

JetBrains Toolbox App for Windows is affected (before version 1.15.5666) by a privilege-escalation vulnerability (CVE-2019-18368). The Red Hat, CNVD, and NVD entries corroborate the issue; JetBrains’ Q3-2019 security bulletin confirms Toolbox Privilege escalation resolved in 1.15.5666. Root cause...

7.5CVSS7.4AI score0.01041EPSS
CVE
CVE
added 2020/11/16 3:0 p.m.164 views

CVE-2020-25013

CVE-2020-25013 : JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service through a browser protocol handler. The issue arises in the tool’s handling of browser protocol links, allowing a DoS condition. Connected sources corroborate the vendor advisory and related security bulle...

7.5CVSS7.4AI score0.01367EPSS
CVE
CVE
added 2019/10/02 6:37 p.m.151 views

CVE-2019-14959

JetBrains Toolbox before 1.15.5605 resolves an internal URL over cleartext HTTP, enabling potential exposure of data via a MITM-like scenario (CONF: partial confidentiality). The issue is documented across multiple sources (NVD entry CVE-2019-14959; Red Hat and Microsoft advisories; JetBrains Sec...

5.9CVSS5.7AI score0.00656EPSS
CVE
CVE
added 2024/02/06 9:21 a.m.141 views

CVE-2024-24943

CVE-2024-24943 affects JetBrains Toolbox App prior to 2.2. Affected component: parsing/rendering of SVG images, with root cause described as a DoS in a malicious SVG image leading to availability impact. Reported impact: availability loss (DoS) with no confidentiality/integrity impact per sources...

5.5CVSS5.5AI score0.00407EPSS
CVE
CVE
added 2023/04/28 9:22 a.m.79 views

CVE-2022-48481

JetBrains Toolbox App (macOS) prior to version 1.28 is affected by a vulnerability allowing DYLIB injection. Root cause: dylib loading/injection path on macOS leads to potential tampering. Impact: supports potential malicious activity, with confidentiality/integrity/availability concerns noted in...

7.8CVSS7.6AI score0.00208EPSS
CVE
CVE
added 2025/04/17 3:56 p.m.70 views

CVE-2025-43013

JetBrains Toolbox App prior to version 2.6 is affected by CVE-2025-43013 due to unencrypted credential transmission during SSH authentication. The issue is documented across multiple sources (Red Hat, NVD, CNVD, Nessus plugin, and PT Security) and is tied specifically to the SSH plugin’s handling...

7.5CVSS7.2AI score0.00141EPSS
CVE
CVE
added 2025/04/17 3:56 p.m.69 views

CVE-2025-43014

CVE-2025-43014 affects JetBrains Toolbox App prior to 2.6, specifically the SSH plugin, which established connections without sufficient user confirmation. The available connected documents confirm this vulnerability exists in versions before 2.6 and describe the issue as a lack of proper user va...

6.5CVSS7AI score0.00201EPSS
CVE
CVE
added 2025/04/17 3:56 p.m.67 views

CVE-2025-43012

JetBrains Toolbox App prior to version 2.6 is affected by a vulnerability in the SSH plugin that enables command injection due to improper input handling. Reported as CVE-2025-43012, the issue can permit arbitrary code execution with network access and no user interaction required, as reflected b...

9.8CVSS7.5AI score0.0062EPSS
CVE
CVE
added 2020/08/08 8:24 p.m.65 views

CVE-2020-15827

JetBrains Toolbox 1.17 before 1.17.6856 had a signature verification issue: the set of verifications omitted the jetbrains-toolbox.exe. This concerns integrity checks. Remediation: upgrade to 1.17.6856 or newer per the JetBrains Security Bulletin Q2 2020.

7.5CVSS7.5AI score0.00691EPSS
CVE
CVE
added 2025/04/17 3:56 p.m.57 views

CVE-2025-42921

JetBrains Toolbox App has a CVE-2025-42921 vulnerability affecting versions prior to 2.6, caused by missing host key verification in the SSH plugin. Multiple connected sources corroborate that the SSH plugin’s host key verification is absent, enabling potential subversion of SSH authenticity. Aff...

6.5CVSS7AI score0.00176EPSS