Vulnerabilities (CVE)

Filtered by vendor Jetbrains Subscribe
Total 396 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3315 1 Jetbrains 1 Teamcity 2024-02-28 3.5 LOW 5.4 MEDIUM
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.
CVE-2021-37542 1 Jetbrains 1 Teamcity 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
In JetBrains TeamCity before 2020.2.3, XSS was possible.
CVE-2021-30006 1 Jetbrains 1 Intellij Idea 2024-02-28 5.0 MEDIUM 7.5 HIGH
In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure.
CVE-2021-31898 1 Jetbrains 1 Webstorm 2024-02-28 5.0 MEDIUM 7.5 HIGH
In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS.
CVE-2021-31905 1 Jetbrains 1 Youtrack 2024-02-28 5.0 MEDIUM 7.5 HIGH
In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.
CVE-2021-31897 1 Jetbrains 1 Webstorm 2024-02-28 7.5 HIGH 9.8 CRITICAL
In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.
CVE-2021-37552 1 Jetbrains 1 Youtrack 2024-02-28 3.5 LOW 5.4 MEDIUM
In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.
CVE-2021-31907 1 Jetbrains 1 Teamcity 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.
CVE-2021-37541 1 Jetbrains 1 Hub 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
CVE-2021-25772 1 Jetbrains 1 Teamcity 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
CVE-2020-25210 1 Jetbrains 1 Youtrack 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.
CVE-2021-25765 1 Jetbrains 1 Youtrack 2024-02-28 6.8 MEDIUM 8.8 HIGH
In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.
CVE-2020-27628 1 Jetbrains 1 Teamcity 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
CVE-2020-27627 1 Jetbrains 1 Teamcity 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
CVE-2020-35667 1 Jetbrains 1 Teamcity 2024-02-28 5.0 MEDIUM 7.5 HIGH
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.
CVE-2021-25755 1 Jetbrains 1 Code With Me 2024-02-28 1.9 LOW 2.5 LOW
In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic.
CVE-2021-25773 1 Jetbrains 1 Teamcity 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.
CVE-2020-29582 2 Jetbrains, Oracle 4 Kotlin, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 1 more 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
CVE-2020-27629 1 Jetbrains 1 Teamcity 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.
CVE-2021-25758 1 Jetbrains 1 Intellij Idea 2024-02-28 4.6 MEDIUM 7.8 HIGH
In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution.