Vendor CVEs: JetBrains (all CVEs)
564 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2020-27622 | 0.00 | — | 0.01 | Nov 16, 2020 | In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version. |
| CVE-2020-26129 | 0.00 | — | 0.01 | Nov 16, 2020 | In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. |
| CVE-2020-27627 | 0.00 | — | 0.01 | Nov 16, 2020 | JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. |
| CVE-2020-27628 | 0.00 | — | 0.01 | Nov 16, 2020 | In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. |
| CVE-2020-27629 | 0.00 | — | 0.01 | Nov 16, 2020 | In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts. |
| CVE-2020-25207 | 0.00 | — | 0.04 | Nov 16, 2020 | JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. |
| CVE-2020-25013 | 0.00 | — | 0.01 | Nov 16, 2020 | JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. |
| CVE-2020-27624 | 0.00 | — | 0.01 | Nov 16, 2020 | JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. |
| CVE-2020-27625 | 0.00 | — | 0.01 | Nov 16, 2020 | In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. |
| CVE-2020-27626 | 0.00 | — | 0.01 | Nov 16, 2020 | JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. |
| CVE-2020-25209 | 0.00 | — | 0.02 | Nov 16, 2020 | In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API. |
| CVE-2020-24366 | 0.00 | — | 0.00 | Nov 16, 2020 | Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups. |
| CVE-2020-25210 | 0.00 | — | 0.01 | Nov 16, 2020 | In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants. |
| CVE-2020-15822 | 0.00 | — | 0.01 | Oct 19, 2020 | In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. |
| CVE-2020-24618 | 0.00 | — | 0.02 | Aug 27, 2020 | In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access. |
| CVE-2019-19704 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm. |
| CVE-2020-15830 | 0.00 | — | 0.01 | Aug 8, 2020 | JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. |
| CVE-2020-15831 | 0.00 | — | 0.01 | Aug 8, 2020 | JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. |
| CVE-2020-15828 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. |
| CVE-2020-15829 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. |
| CVE-2020-15825 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges. |
| CVE-2020-15826 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. |
| CVE-2020-15827 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. |
| CVE-2020-15824 | 0.00 | — | 0.02 | Aug 8, 2020 | In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by… |
| CVE-2020-15823 | 0.00 | — | 0.02 | Aug 8, 2020 | JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. |
| CVE-2020-15821 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. |
| CVE-2020-15820 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. |
| CVE-2020-15819 | 0.00 | — | 0.01 | Aug 8, 2020 | JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. |
| CVE-2020-15817 | 0.00 | — | 0.02 | Aug 8, 2020 | In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. |
| CVE-2020-15818 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. |
| CVE-2020-11938 | 0.00 | — | 0.01 | Apr 22, 2020 | In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2. |
| CVE-2020-11796 | 0.00 | — | 0.01 | Apr 22, 2020 | In JetBrains Space through 2020-04-22, the password authentication implementation was insecure. |
| CVE-2020-11795 | 0.00 | — | 0.01 | Apr 22, 2020 | In JetBrains Space through 2020-04-22, the session timeout period was configured improperly. |
| CVE-2020-11693 | 0.00 | — | 0.02 | Apr 22, 2020 | JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. |
| CVE-2020-11692 | 0.00 | — | 0.01 | Apr 22, 2020 | In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. |
| CVE-2020-11691 | 0.00 | — | 0.01 | Apr 22, 2020 | In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. |
| CVE-2020-11690 | 0.00 | — | 0.02 | Apr 22, 2020 | In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. |
| CVE-2020-11689 | 0.00 | — | 0.01 | Apr 22, 2020 | In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file. |
| CVE-2020-11688 | 0.00 | — | 0.01 | Apr 22, 2020 | In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. |
| CVE-2020-11687 | 0.00 | — | 0.01 | Apr 22, 2020 | In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages. |
| CVE-2020-11686 | 0.00 | — | 0.01 | Apr 22, 2020 | In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings. |
| CVE-2020-11685 | 0.00 | — | 0.01 | Apr 22, 2020 | In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. |
| CVE-2020-11416 | 0.00 | — | 0.01 | Apr 22, 2020 | JetBrains Space through 2020-04-22 allows stored XSS in Chats. |
| CVE-2020-11694 | 0.00 | — | 0.02 | Apr 10, 2020 | In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3. |
| CVE-2020-7907 | 0.00 | — | 0.01 | Feb 21, 2020 | In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections. |
| CVE-2020-7914 | 0.00 | — | 0.02 | Jan 31, 2020 | In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3. |
| CVE-2020-7913 | 0.00 | — | 0.01 | Jan 30, 2020 | JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description. |
| CVE-2020-7912 | 0.00 | — | 0.01 | Jan 30, 2020 | In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. |
| CVE-2020-7911 | 0.00 | — | 0.01 | Jan 30, 2020 | In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS. |
| CVE-2020-7910 | 0.00 | — | 0.01 | Jan 30, 2020 | JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role. |