Filtered by vendor Jetbrains
Subscribe
Total
398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14953 | 2 Jetbrains, Mozilla | 2 Youtrack, Firefox | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. | |||||
| CVE-2019-14956 | 1 Jetbrains | 1 Youtrack | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names. | |||||
| CVE-2019-12157 | 1 Jetbrains | 2 Teamcity, Upsource | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. | |||||
| CVE-2020-7910 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role. | |||||
| CVE-2019-18368 | 1 Jetbrains | 1 Toolbox | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
| In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. | |||||
| CVE-2019-16407 | 1 Jetbrains | 1 Resharper | 2024-02-28 | 4.4 MEDIUM | 7.3 HIGH |
| JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability. | |||||
| CVE-2020-7909 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. | |||||
| CVE-2020-7911 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS. | |||||
| CVE-2019-18362 | 1 Jetbrains | 1 Mps | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| JetBrains MPS before 2019.2.2 exposed listening ports to the network. | |||||
| CVE-2019-18369 | 1 Jetbrains | 1 Youtrack | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. | |||||
| CVE-2019-14960 | 1 Jetbrains | 1 Rider | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file. | |||||
| CVE-2019-12737 | 1 Jetbrains | 1 Ktor | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials. | |||||
| CVE-2019-15040 | 1 Jetbrains | 1 Youtrack | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. | |||||
| CVE-2019-18367 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. | |||||
| CVE-2019-12842 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2. | |||||
| CVE-2019-12846 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2. | |||||
| CVE-2019-9186 | 1 Jetbrains | 1 Intellij Idea | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | |||||
| CVE-2019-10102 | 1 Jetbrains | 2 Kotlin, Ktor | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30. | |||||
| CVE-2019-10100 | 1 Jetbrains | 1 Youtrack Integration | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely. | |||||
| CVE-2019-12867 | 1 Jetbrains | 1 Youtrack | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | |||||