Filtered by vendor Jetbrains
Subscribe
Search
Total
123 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14954 | 1 Jetbrains | 1 Intellij Idea | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection. | |||||
| CVE-2020-7908 | 1 Jetbrains | 1 Teamcity | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages. | |||||
| CVE-2019-15035 | 1 Jetbrains | 1 Teamcity | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1. | |||||
| CVE-2019-14959 | 1 Jetbrains | 1 Toolbox | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection. | |||||
| CVE-2019-18360 | 1 Jetbrains | 1 Hub | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery. | |||||
| CVE-2019-18363 | 1 Jetbrains | 1 Teamcity | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. | |||||
| CVE-2020-11938 | 1 Jetbrains | 1 Teamcity | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2. | |||||
| CVE-2020-15828 | 1 Jetbrains | 1 Teamcity | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. | |||||
| CVE-2020-15829 | 1 Jetbrains | 1 Teamcity | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. | |||||
| CVE-2020-25210 | 1 Jetbrains | 1 Youtrack | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants. | |||||
| CVE-2021-31900 | 1 Jetbrains | 1 Code With Me | 2021-05-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host. | |||||
| CVE-2021-27733 | 1 Jetbrains | 1 Youtrack | 2021-05-17 | 3.5 LOW | 5.4 MEDIUM |
| In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment. | |||||
| CVE-2021-31903 | 1 Jetbrains | 1 Youtrack | 2021-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS. | |||||
| CVE-2021-31911 | 1 Jetbrains | 1 Teamcity | 2021-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. | |||||
| CVE-2021-31904 | 1 Jetbrains | 1 Teamcity | 2021-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page. | |||||
| CVE-2021-31907 | 1 Jetbrains | 1 Teamcity | 2021-05-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. | |||||
| CVE-2021-3315 | 1 Jetbrains | 1 Teamcity | 2021-05-13 | 3.5 LOW | 5.4 MEDIUM |
| In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible. | |||||
| CVE-2021-31908 | 1 Jetbrains | 1 Teamcity | 2021-05-13 | 3.5 LOW | 5.4 MEDIUM |
| In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages. | |||||
| CVE-2021-25764 | 1 Jetbrains | 1 Phpstorm | 2021-03-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains PhpStorm before 2020.3, source code could be added to debug logs. | |||||
| CVE-2021-25766 | 1 Jetbrains | 1 Youtrack | 2021-02-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made. | |||||
| CVE-2021-25762 | 1 Jetbrains | 1 Ktor | 2021-02-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. | |||||
| CVE-2020-25208 | 1 Jetbrains | 1 Youtrack | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions. | |||||
| CVE-2021-25763 | 1 Jetbrains | 1 Ktor | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default. | |||||
| CVE-2021-25767 | 1 Jetbrains | 1 Youtrack | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution. | |||||
| CVE-2021-25774 | 1 Jetbrains | 1 Teamcity | 2021-02-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. | |||||
| CVE-2021-25756 | 1 Jetbrains | 1 Intellij Idea | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS. | |||||
| CVE-2021-25760 | 1 Jetbrains | 1 Hub | 2021-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible. | |||||
| CVE-2021-25757 | 1 Jetbrains | 1 Hub | 2021-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| In JetBrains Hub before 2020.1.12629, an open redirect was possible. | |||||
| CVE-2021-25772 | 1 Jetbrains | 1 Teamcity | 2021-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration. | |||||
| CVE-2021-25777 | 1 Jetbrains | 1 Teamcity | 2021-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. | |||||
| CVE-2021-25771 | 1 Jetbrains | 1 Youtrack | 2021-02-04 | 5.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed. | |||||
| CVE-2021-25773 | 1 Jetbrains | 1 Teamcity | 2021-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages. | |||||
| CVE-2020-27629 | 1 Jetbrains | 1 Teamcity | 2020-12-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts. | |||||
| CVE-2020-26129 | 1 Jetbrains | 1 Ktor | 2020-12-01 | 6.4 MEDIUM | 6.5 MEDIUM |
| In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. | |||||
| CVE-2020-27627 | 1 Jetbrains | 1 Teamcity | 2020-12-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. | |||||
| CVE-2020-27622 | 1 Jetbrains | 1 Intellij Idea | 2020-11-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version. | |||||
| CVE-2020-27628 | 1 Jetbrains | 1 Teamcity | 2020-11-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. | |||||
| CVE-2020-27625 | 1 Jetbrains | 1 Youtrack | 2020-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. | |||||
| CVE-2020-27624 | 1 Jetbrains | 1 Youtrack | 2020-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. | |||||
| CVE-2020-27626 | 1 Jetbrains | 1 Youtrack | 2020-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. | |||||
| CVE-2019-12846 | 1 Jetbrains | 1 Teamcity | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2. | |||||
| CVE-2019-12843 | 1 Jetbrains | 1 Teamcity | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3. | |||||
| CVE-2019-19389 | 1 Jetbrains | 1 Ktor | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
| JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. | |||||
| CVE-2019-12844 | 1 Jetbrains | 1 Teamcity | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3. | |||||
| CVE-2019-12845 | 1 Jetbrains | 1 Teamcity | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3. | |||||
| CVE-2019-18361 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | 4.6 MEDIUM | 5.3 MEDIUM |
| JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution. | |||||
| CVE-2020-15819 | 1 Jetbrains | 1 Youtrack | 2020-08-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. | |||||
| CVE-2020-15821 | 1 Jetbrains | 1 Youtrack | 2020-08-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. | |||||
| CVE-2020-15830 | 1 Jetbrains | 1 Teamcity | 2020-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. | |||||
| CVE-2020-15831 | 1 Jetbrains | 1 Teamcity | 2020-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. | |||||