Vendor CVEs
Jetbrains
All CVEs
564 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9872 | | | 0.00 | — | 0.01 | | Jul 3, 2019 | In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and… |
| CVE-2019-9186 | | | 0.00 | — | 0.05 | | Jul 3, 2019 | In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost… |
| CVE-2019-12847 | | | 0.00 | — | 0.01 | | Jul 3, 2019 | In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period. |
| CVE-2019-12866 | | | 0.00 | — | 0.02 | | Jul 3, 2019 | An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168. |
| CVE-2019-12867 | | | 0.00 | — | 0.02 | | Jul 3, 2019 | Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168. |
| CVE-2019-12850 | | | 0.00 | — | 0.02 | | Jul 3, 2019 | A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168. |
| CVE-2019-12851 | | | 0.00 | — | 0.01 | | Jul 3, 2019 | A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852. |
| CVE-2019-10100 | | | 0.00 | — | 0.02 | | Jul 3, 2019 | In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the… |
| CVE-2019-9823 | | | 0.00 | — | 0.02 | | Jul 3, 2019 | In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8,… |
| CVE-2019-10102 | | | 0.00 | — | 0.01 | | Jul 3, 2019 | JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30. |
| CVE-2019-10101 | | | 0.00 | — | 0.02 | | Jul 3, 2019 | JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. |
| CVE-2019-10103 | | | 0.00 | — | 0.01 | | Jul 3, 2019 | JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101. |
| CVE-2014-10036 | | | 0.00 | — | 0.02 | | Jan 13, 2015 | Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html. |
| CVE-2014-10002 | | | 0.00 | — | 0.01 | | Jan 13, 2015 | Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. |