Filtered by vendor Jetbrains
Subscribe
Search
Total
123 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22370 | 1 Jetbrains | 1 Youtrack | 2024-01-12 | N/A | 5.4 MEDIUM |
| In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible | |||||
| CVE-2023-50871 | 1 Jetbrains | 1 Youtrack | 2023-12-19 | N/A | 4.3 MEDIUM |
| In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed | |||||
| CVE-2023-41248 | 1 Jetbrains | 1 Teamcity | 2023-08-28 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration | |||||
| CVE-2023-41250 | 1 Jetbrains | 1 Teamcity | 2023-08-28 | N/A | 6.1 MEDIUM |
| In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration | |||||
| CVE-2023-41249 | 1 Jetbrains | 1 Teamcity | 2023-08-28 | N/A | 6.1 MEDIUM |
| In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step | |||||
| CVE-2021-37540 | 1 Jetbrains | 1 Hub | 2023-08-08 | 6.4 MEDIUM | 6.5 MEDIUM |
| In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. | |||||
| CVE-2021-25761 | 1 Jetbrains | 1 Ktor | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. | |||||
| CVE-2022-24336 | 1 Jetbrains | 1 Teamcity | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. | |||||
| CVE-2023-39175 | 1 Jetbrains | 1 Teamcity | 2023-08-01 | N/A | 6.1 MEDIUM |
| In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible | |||||
| CVE-2022-36321 | 1 Jetbrains | 1 Teamcity | 2022-07-27 | N/A | 6.5 MEDIUM |
| In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases | |||||
| CVE-2022-24329 | 2 Jetbrains, Oracle | 2 Kotlin, Communications Pricing Design Center | 2022-07-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. | |||||
| CVE-2021-25759 | 1 Jetbrains | 1 Hub | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user. | |||||
| CVE-2021-25778 | 1 Jetbrains | 1 Teamcity | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly. | |||||
| CVE-2021-37546 | 1 Jetbrains | 1 Teamcity | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. | |||||
| CVE-2021-37551 | 1 Jetbrains | 1 Youtrack | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. | |||||
| CVE-2021-25768 | 1 Jetbrains | 1 Youtrack | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly. | |||||
| CVE-2022-34894 | 1 Jetbrains | 1 Hub | 2022-07-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services | |||||
| CVE-2022-29930 | 1 Jetbrains | 1 Ktor | 2022-06-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1. | |||||
| CVE-2022-29929 | 1 Jetbrains | 1 Teamcity | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible | |||||
| CVE-2022-29928 | 1 Jetbrains | 1 Teamcity | 2022-05-23 | 4.0 MEDIUM | 4.9 MEDIUM |
| In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible | |||||
| CVE-2022-29927 | 1 Jetbrains | 1 Teamcity | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible | |||||
| CVE-2020-29582 | 2 Jetbrains, Oracle | 4 Kotlin, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 1 more | 2022-05-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. | |||||
| CVE-2022-29813 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 4.6 MEDIUM | 6.7 MEDIUM |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible | |||||
| CVE-2022-29811 | 1 Jetbrains | 1 Hub | 2022-05-05 | 3.5 LOW | 4.8 MEDIUM |
| In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. | |||||
| CVE-2022-29815 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 4.6 MEDIUM | 6.7 MEDIUM |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible | |||||
| CVE-2022-29817 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible | |||||
| CVE-2020-24618 | 1 Jetbrains | 1 Youtrack | 2022-04-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access. | |||||
| CVE-2021-43187 | 2 Apple, Jetbrains | 2 Iphone Os, Youtrack Mobile | 2021-11-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information. | |||||
| CVE-2021-43184 | 1 Jetbrains | 1 Youtrack | 2021-11-12 | 3.5 LOW | 5.4 MEDIUM |
| In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. | |||||
| CVE-2021-43192 | 2 Apple, Jetbrains | 2 Iphone Os, Youtrack Mobile | 2021-11-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible. | |||||
| CVE-2021-43194 | 1 Jetbrains | 1 Teamcity | 2021-11-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.1.2, user enumeration was possible. | |||||
| CVE-2021-43181 | 1 Jetbrains | 1 Hub | 2021-11-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains Hub before 2021.1.13690, stored XSS is possible. | |||||
| CVE-2021-43191 | 3 Apple, Google, Jetbrains | 3 Iphone Os, Android, Youtrack Mobile | 2021-11-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS. | |||||
| CVE-2021-43190 | 2 Google, Jetbrains | 2 Android, Youtrack Mobile | 2021-11-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible. | |||||
| CVE-2021-43186 | 1 Jetbrains | 1 Youtrack | 2021-11-09 | 3.5 LOW | 5.4 MEDIUM |
| JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS. | |||||
| CVE-2021-43195 | 1 Jetbrains | 1 Teamcity | 2021-11-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing. | |||||
| CVE-2021-43197 | 1 Jetbrains | 1 Teamcity | 2021-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS. | |||||
| CVE-2021-43198 | 1 Jetbrains | 1 Teamcity | 2021-11-09 | 3.5 LOW | 5.4 MEDIUM |
| In JetBrains TeamCity before 2021.1.2, stored XSS is possible. | |||||
| CVE-2021-43199 | 1 Jetbrains | 1 Teamcity | 2021-11-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient. | |||||
| CVE-2021-43201 | 1 Jetbrains | 1 Teamcity | 2021-11-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project. | |||||
| CVE-2019-12156 | 1 Jetbrains | 1 Upsource | 2021-11-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293. | |||||
| CVE-2021-37554 | 1 Jetbrains | 1 Youtrack | 2021-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. | |||||
| CVE-2021-37552 | 1 Jetbrains | 1 Youtrack | 2021-08-12 | 3.5 LOW | 5.4 MEDIUM |
| In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. | |||||
| CVE-2021-37542 | 1 Jetbrains | 1 Teamcity | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains TeamCity before 2020.2.3, XSS was possible. | |||||
| CVE-2021-37541 | 1 Jetbrains | 1 Hub | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. | |||||
| CVE-2021-37547 | 1 Jetbrains | 1 Teamcity | 2021-08-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. | |||||
| CVE-2020-15826 | 1 Jetbrains | 1 Teamcity | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. | |||||
| CVE-2020-15829 | 1 Jetbrains | 1 Teamcity | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. | |||||
| CVE-2020-15818 | 1 Jetbrains | 1 Youtrack | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. | |||||
| CVE-2020-15828 | 1 Jetbrains | 1 Teamcity | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. | |||||