Vulnerabilities (CVE)

Filtered by vendor Jetbrains Subscribe
Total 398 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-27733 1 Jetbrains 1 Youtrack 2024-11-21 3.5 LOW 5.4 MEDIUM
In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.
CVE-2021-26310 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible.
CVE-2021-26309 1 Jetbrains 1 Teamcity 2024-11-21 2.1 LOW 3.3 LOW
Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions.
CVE-2021-25778 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.
CVE-2021-25777 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
CVE-2021-25776 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
CVE-2021-25775 1 Jetbrains 1 Teamcity 2024-11-21 5.5 MEDIUM 3.8 LOW
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.
CVE-2021-25774 1 Jetbrains 1 Teamcity 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.
CVE-2021-25773 1 Jetbrains 1 Teamcity 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.
CVE-2021-25772 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
CVE-2021-25771 1 Jetbrains 1 Youtrack 2024-11-21 5.0 MEDIUM 4.3 MEDIUM
In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.
CVE-2021-25770 1 Jetbrains 1 Youtrack 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
CVE-2021-25769 1 Jetbrains 1 Youtrack 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.
CVE-2021-25768 1 Jetbrains 1 Youtrack 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.
CVE-2021-25767 1 Jetbrains 1 Youtrack 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.
CVE-2021-25766 1 Jetbrains 1 Youtrack 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.
CVE-2021-25765 1 Jetbrains 1 Youtrack 2024-11-21 6.8 MEDIUM 8.8 HIGH
In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.
CVE-2021-25764 1 Jetbrains 1 Phpstorm 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains PhpStorm before 2020.3, source code could be added to debug logs.
CVE-2021-25763 1 Jetbrains 1 Ktor 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
CVE-2021-25762 1 Jetbrains 1 Ktor 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.