Filtered by vendor Jetbrains
Subscribe
Total
293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10101 | 1 Jetbrains | 1 Kotlin | 2022-04-18 | 6.8 MEDIUM | 8.1 HIGH |
| JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. | |||||
| CVE-2022-28650 | 1 Jetbrains | 1 Youtrack | 2022-04-18 | 3.5 LOW | 5.4 MEDIUM |
| In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI | |||||
| CVE-2022-29035 | 1 Jetbrains | 1 Ktor | 2022-04-15 | 4.0 MEDIUM | 2.7 LOW |
| In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations | |||||
| CVE-2020-11694 | 2 Jetbrains, Microsoft | 2 Pycharm, Windows | 2022-04-06 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3. | |||||
| CVE-2022-25260 | 1 Jetbrains | 1 Hub | 2022-03-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). | |||||
| CVE-2022-25261 | 1 Jetbrains | 1 Teamcity | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. | |||||
| CVE-2022-25262 | 1 Jetbrains | 1 Hub | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. | |||||
| CVE-2022-25263 | 1 Jetbrains | 1 Teamcity | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL |
| JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. | |||||
| CVE-2022-25264 | 1 Jetbrains | 1 Teamcity | 2022-03-08 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. | |||||
| CVE-2021-45977 | 1 Jetbrains | 7 Clion, Goland, Intellij Idea and 4 more | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL |
| JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1. | |||||
| CVE-2022-24331 | 1 Jetbrains | 1 Teamcity | 2022-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. | |||||
| CVE-2022-24346 | 1 Jetbrains | 1 Intellij Idea | 2022-03-04 | 4.6 MEDIUM | 7.8 HIGH |
| In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. | |||||
| CVE-2022-24345 | 1 Jetbrains | 1 Intellij Idea | 2022-03-04 | 4.6 MEDIUM | 7.8 HIGH |
| In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible. | |||||
| CVE-2022-24332 | 1 Jetbrains | 1 Teamcity | 2022-03-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie. | |||||
| CVE-2022-24333 | 1 Jetbrains | 1 Teamcity | 2022-03-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. | |||||
| CVE-2022-24442 | 1 Jetbrains | 1 Youtrack | 2022-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. | |||||
| CVE-2022-24337 | 1 Jetbrains | 1 Teamcity | 2022-03-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. | |||||
| CVE-2022-25259 | 1 Jetbrains | 1 Hub | 2022-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. | |||||
| CVE-2022-24340 | 1 Jetbrains | 1 Teamcity | 2022-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. | |||||
| CVE-2022-24347 | 1 Jetbrains | 1 Youtrack | 2022-03-03 | 3.5 LOW | 5.4 MEDIUM |
| JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. | |||||