Toolbox App
by Jetbrains
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-43014 | 0.00 | — | 0.00 | Apr 17, 2025 | In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation | |||
| CVE-2025-43013 | 0.00 | — | 0.00 | Apr 17, 2025 | In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible | |||
| CVE-2025-43012 | 0.00 | — | 0.01 | Apr 17, 2025 | In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible | |||
| CVE-2025-42921 | 0.00 | — | 0.00 | Apr 17, 2025 | In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin | |||
| CVE-2024-24943 | 0.00 | — | 0.00 | Feb 6, 2024 | In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image | |||
| CVE-2022-48481 | 0.00 | — | 0.00 | Apr 28, 2023 | In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible | |||
| CVE-2020-25207 | 0.00 | — | 0.04 | Nov 16, 2020 | JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. | |||
| CVE-2020-25013 | 0.00 | — | 0.01 | Nov 16, 2020 | JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. | |||
| CVE-2020-15827 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. | |||
| CVE-2019-18368 | 0.00 | — | 0.01 | Oct 31, 2019 | In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. | |||
| CVE-2019-14959 | 0.00 | — | 0.01 | Oct 2, 2019 | JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection. |
- CVE-2025-43014Apr 17, 2025risk 0.00cvss —epss 0.00
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
- CVE-2025-43013Apr 17, 2025risk 0.00cvss —epss 0.00
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible
- CVE-2025-43012Apr 17, 2025risk 0.00cvss —epss 0.01
In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible
- CVE-2025-42921Apr 17, 2025risk 0.00cvss —epss 0.00
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
- CVE-2024-24943Feb 6, 2024risk 0.00cvss —epss 0.00
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image
- CVE-2022-48481Apr 28, 2023risk 0.00cvss —epss 0.00
In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible
- CVE-2020-25207Nov 16, 2020risk 0.00cvss —epss 0.04
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
- CVE-2020-25013Nov 16, 2020risk 0.00cvss —epss 0.01
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
- CVE-2020-15827Aug 8, 2020risk 0.00cvss —epss 0.01
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.
- CVE-2019-18368Oct 31, 2019risk 0.00cvss —epss 0.01
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
- CVE-2019-14959Oct 2, 2019risk 0.00cvss —epss 0.01
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.