VYPR

Vendor CVEs

Jetbrains

All CVEs

564 total · sorted by risk
  • CVE-2019-9872Jul 3, 2019
    risk 0.00cvss epss 0.01

    In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and…

  • CVE-2019-9186Jul 3, 2019
    risk 0.00cvss epss 0.05

    In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost…

  • CVE-2019-12847Jul 3, 2019
    risk 0.00cvss epss 0.01

    In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period.

  • CVE-2019-12866Jul 3, 2019
    risk 0.00cvss epss 0.02

    An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.

  • CVE-2019-12867Jul 3, 2019
    risk 0.00cvss epss 0.02

    Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168.

  • CVE-2019-12850Jul 3, 2019
    risk 0.00cvss epss 0.02

    A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.

  • CVE-2019-12851Jul 3, 2019
    risk 0.00cvss epss 0.01

    A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852.

  • CVE-2019-10100Jul 3, 2019
    risk 0.00cvss epss 0.02

    In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the…

  • CVE-2019-9823Jul 3, 2019
    risk 0.00cvss epss 0.02

    In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8,…

  • CVE-2019-10102Jul 3, 2019
    risk 0.00cvss epss 0.01

    JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.

  • CVE-2019-10101Jul 3, 2019
    risk 0.00cvss epss 0.02

    JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.

  • CVE-2019-10103Jul 3, 2019
    risk 0.00cvss epss 0.01

    JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.

  • CVE-2014-10036Jan 13, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.

  • CVE-2014-10002Jan 13, 2015
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.

Page 12 of 12