Vendor CVEs
JetBrains
All CVEs
564 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-36364 |  |  | 0.00 | — | 0.00 |  | May 29, 2024 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible |
| CVE-2024-36362 |  |  | 0.00 | — | 0.01 |  | May 29, 2024 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible |
| CVE-2024-35302 |  |  | 0.00 | — | 0.00 |  | May 16, 2024 | In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible |
| CVE-2024-35301 |  |  | 0.00 | — | 0.00 |  | May 16, 2024 | In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token |
| CVE-2024-35300 |  |  | 0.00 | — | 0.00 |  | May 16, 2024 | In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible |
| CVE-2024-35299 |  |  | 0.00 | — | 0.00 |  | May 16, 2024 | In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation |
| CVE-2024-31140 |  |  | 0.00 | — | 0.00 |  | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools |
| CVE-2024-31139 |  |  | 0.00 | — | 0.00 |  | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector |
| CVE-2024-31138 |  |  | 0.00 | — | 0.74 |  | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings |
| CVE-2024-31137 |  |  | 0.00 | — | 0.00 |  | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration |
| CVE-2024-31136 |  |  | 0.00 | — | 0.01 |  | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter |
| CVE-2024-31135 |  |  | 0.00 | — | 0.00 |  | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 open redirect was possible on the login page |
| CVE-2024-31134 |  |  | 0.00 | — | 0.00 |  | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled |
| CVE-2024-29880 |  |  | 0.00 | — | 0.00 |  | Mar 21, 2024 | In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process |
| CVE-2024-28230 |  |  | 0.00 | — | 0.01 |  | Mar 7, 2024 | In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions |
| CVE-2024-28229 |  |  | 0.00 | — | 0.01 |  | Mar 7, 2024 | In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles |
| CVE-2024-28228 |  |  | 0.00 | — | 0.00 |  | Mar 7, 2024 | In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible |
| CVE-2024-28174 |  |  | 0.00 | — | 0.00 |  | Mar 6, 2024 | In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly |
| CVE-2024-28173 |  |  | 0.00 | — | 0.01 |  | Mar 6, 2024 | In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed |
| CVE-2024-24943 |  |  | 0.00 | — | 0.00 |  | Feb 6, 2024 | In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image |
| CVE-2024-24942 |  |  | 0.00 | — | 0.32 |  | Feb 6, 2024 | In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives |
| CVE-2024-24941 |  |  | 0.00 | — | 0.00 |  | Feb 6, 2024 | In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL |
| CVE-2024-24940 |  |  | 0.00 | — | 0.00 |  | Feb 6, 2024 | In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives |
| CVE-2024-24939 |  |  | 0.00 | — | 0.00 |  | Feb 6, 2024 | In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible |
| CVE-2024-24938 |  |  | 0.00 | — | 0.01 |  | Feb 6, 2024 | In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation |
| CVE-2024-24937 |  |  | 0.00 | — | 0.00 |  | Feb 6, 2024 | In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible |
| CVE-2024-24936 |  |  | 0.00 | — | 0.00 |  | Feb 6, 2024 | In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed |
| CVE-2024-22370 |  |  | 0.00 | — | 0.00 |  | Jan 9, 2024 | In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible |
| CVE-2023-51655 |  |  | 0.00 | — | 0.00 |  | Dec 21, 2023 | In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration |
| CVE-2023-50871 |  |  | 0.00 | — | 0.00 |  | Dec 15, 2023 | In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed |
| CVE-2023-50870 |  |  | 0.00 | — | 0.00 |  | Dec 15, 2023 | In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible |
| CVE-2023-45613 |  |  | 0.00 | — | 0.00 |  | Oct 9, 2023 | In JetBrains Ktor before 2.3.5 server certificates were not verified |
| CVE-2023-45612 |  |  | 0.00 | — | 0.01 |  | Oct 9, 2023 | In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE |
| CVE-2023-43566 |  |  | 0.00 | — | 0.01 |  | Sep 19, 2023 | In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration |
| CVE-2023-41250 |  |  | 0.00 | — | 0.00 |  | Aug 25, 2023 | In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration |
| CVE-2023-41249 |  |  | 0.00 | — | 0.53 |  | Aug 25, 2023 | In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step |
| CVE-2023-41248 |  |  | 0.00 | — | 0.00 |  | Aug 25, 2023 | In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration |
| CVE-2023-39261 |  |  | 0.00 | — | 0.00 |  | Jul 26, 2023 | In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions |
| CVE-2023-39175 |  |  | 0.00 | — | 0.01 |  | Jul 25, 2023 | In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible |
| CVE-2023-39174 |  |  | 0.00 | — | 0.01 |  | Jul 25, 2023 | In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers |
| CVE-2023-39173 |  |  | 0.00 | — | 0.00 |  | Jul 25, 2023 | In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access |
| CVE-2023-38069 |  |  | 0.00 | — | 0.00 |  | Jul 12, 2023 | In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases |
| CVE-2023-38068 |  |  | 0.00 | — | 0.00 |  | Jul 12, 2023 | In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms |
| CVE-2023-38067 |  |  | 0.00 | — | 0.00 |  | Jul 12, 2023 | In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log |
| CVE-2023-38066 |  |  | 0.00 | — | 0.01 |  | Jul 12, 2023 | In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads |
| CVE-2023-38065 |  |  | 0.00 | — | 0.01 |  | Jul 12, 2023 | In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible |
| CVE-2023-38064 |  |  | 0.00 | — | 0.00 |  | Jul 12, 2023 | In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log |
| CVE-2023-38063 |  |  | 0.00 | — | 0.01 |  | Jul 12, 2023 | In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible |
| CVE-2023-38062 |  |  | 0.00 | — | 0.01 |  | Jul 12, 2023 | In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations |
| CVE-2023-38061 |  |  | 0.00 | — | 0.01 |  | Jul 12, 2023 | In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible |
Page 5 of 12