JetBrains

All CVEs

564 total · sorted by risk
  • CVE-2020-27622 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.

  • CVE-2020-26129 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.

  • CVE-2020-27627 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.01

    JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.

  • CVE-2020-27628 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.

  • CVE-2020-27629 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be left unmasked in depending builds when there are no internal artifacts.

  • CVE-2020-25207 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.04

    JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.

  • CVE-2020-25013 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.01

    JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.

  • CVE-2020-27624 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.01

    JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.

  • CVE-2020-27625 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.

  • CVE-2020-27626 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.01

    JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.

  • CVE-2020-25209 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.02

    In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.

  • CVE-2020-24366 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.00

    Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.

  • CVE-2020-25210 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.

  • CVE-2020-15822 · Oct 19, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.

  • CVE-2020-24618 · Aug 27, 2020
    risk 0.00 · cvss · epss 0.02

    In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.

  • CVE-2019-19704 · Aug 8, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm.

  • CVE-2020-15830 · Aug 8, 2020
    risk 0.00 · cvss · epss 0.01

    JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.

  • CVE-2020-15831 · Aug 8, 2020
    risk 0.00 · cvss · epss 0.01

    JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.

  • CVE-2020-15828 · Aug 8, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.

  • CVE-2020-15829 · Aug 8, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.

  • CVE-2020-15825 · Aug 8, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.

  • CVE-2020-15826 · Aug 8, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.

  • CVE-2020-15827 · Aug 8, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.

  • CVE-2020-15824 · Aug 8, 2020
    risk 0.00 · cvss · epss 0.02

    In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by…

  • CVE-2020-15823 · Aug 8, 2020
    risk 0.00 · cvss · epss 0.02

    JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.

  • CVE-2020-15821 · Aug 8, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.

  • CVE-2020-15820 · Aug 8, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.

  • CVE-2020-15819 · Aug 8, 2020
    risk 0.00 · cvss · epss 0.01

    JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.

  • CVE-2020-15817 · Aug 8, 2020
    risk 0.00 · cvss · epss 0.02

    In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.

  • CVE-2020-15818 · Aug 8, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.

  • CVE-2020-11938 · Apr 22, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.

  • CVE-2020-11796 · Apr 22, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.

  • CVE-2020-11795 · Apr 22, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains Space through 2020-04-22, the session timeout period was configured improperly.

  • CVE-2020-11693 · Apr 22, 2020
    risk 0.00 · cvss · epss 0.02

    JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.

  • CVE-2020-11692 · Apr 22, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.

  • CVE-2020-11691 · Apr 22, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.

  • CVE-2020-11690 · Apr 22, 2020
    risk 0.00 · cvss · epss 0.02

    In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.

  • CVE-2020-11689 · Apr 22, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.

  • CVE-2020-11688 · Apr 22, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.

  • CVE-2020-11687 · Apr 22, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.

  • CVE-2020-11686 · Apr 22, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.

  • CVE-2020-11685 · Apr 22, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS.

  • CVE-2020-11416 · Apr 22, 2020
    risk 0.00 · cvss · epss 0.01

    JetBrains Space through 2020-04-22 allows stored XSS in Chats.

  • CVE-2020-11694 · Apr 10, 2020
    risk 0.00 · cvss · epss 0.02

    In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3.

  • CVE-2020-7907 · Feb 21, 2020
    risk 0.00 · cvss · epss 0.01

    In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections.

  • CVE-2020-7914 · Jan 31, 2020
    risk 0.00 · cvss · epss 0.02

    In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.

  • CVE-2020-7913 · Jan 30, 2020
    risk 0.00 · cvss · epss 0.01

    JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.

  • CVE-2020-7912 · Jan 30, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.

  • CVE-2020-7911 · Jan 30, 2020
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.

  • CVE-2020-7910 · Jan 30, 2020
    risk 0.00 · cvss · epss 0.01

    JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
