VYPR

Vendor CVEs

Jetbrains

All CVEs

564 total · sorted by risk
  • CVE-2024-36364May 29, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible

  • CVE-2024-36362May 29, 2024
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible

  • CVE-2024-35302May 16, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible

  • CVE-2024-35301May 16, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token

  • CVE-2024-35300May 16, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible

  • CVE-2024-35299May 16, 2024
    risk 0.00cvss epss 0.00

    In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation

  • CVE-2024-31140Mar 28, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools

  • CVE-2024-31139Mar 28, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector

  • CVE-2024-31138Mar 28, 2024
    risk 0.00cvss epss 0.74

    In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings

  • CVE-2024-31137Mar 28, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration

  • CVE-2024-31136Mar 28, 2024
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter

  • CVE-2024-31135Mar 28, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.03 open redirect was possible on the login page

  • CVE-2024-31134Mar 28, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled

  • CVE-2024-29880Mar 21, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process

  • CVE-2024-28230Mar 7, 2024
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions

  • CVE-2024-28229Mar 7, 2024
    risk 0.00cvss epss 0.01

    In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles

  • CVE-2024-28228Mar 7, 2024
    risk 0.00cvss epss 0.00

    In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible

  • CVE-2024-28174Mar 6, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly

  • CVE-2024-28173Mar 6, 2024
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed

  • CVE-2024-24943Feb 6, 2024
    risk 0.00cvss epss 0.00

    In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image

  • CVE-2024-24942Feb 6, 2024
    risk 0.00cvss epss 0.32

    In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives

  • CVE-2024-24941Feb 6, 2024
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL

  • CVE-2024-24940Feb 6, 2024
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives

  • CVE-2024-24939Feb 6, 2024
    risk 0.00cvss epss 0.00

    In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible

  • CVE-2024-24938Feb 6, 2024
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation

  • CVE-2024-24937Feb 6, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible

  • CVE-2024-24936Feb 6, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed

  • CVE-2024-22370Jan 9, 2024
    risk 0.00cvss epss 0.00

    In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible

  • CVE-2023-51655Dec 21, 2023
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration

  • CVE-2023-50871Dec 15, 2023
    risk 0.00cvss epss 0.00

    In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed

  • CVE-2023-50870Dec 15, 2023
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible

  • CVE-2023-45613Oct 9, 2023
    risk 0.00cvss epss 0.00

    In JetBrains Ktor before 2.3.5 server certificates were not verified

  • CVE-2023-45612Oct 9, 2023
    risk 0.00cvss epss 0.01

    In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE

  • CVE-2023-43566Sep 19, 2023
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration

  • CVE-2023-41250Aug 25, 2023
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration

  • CVE-2023-41249Aug 25, 2023
    risk 0.00cvss epss 0.53

    In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step

  • CVE-2023-41248Aug 25, 2023
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration

  • CVE-2023-39261Jul 26, 2023
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions

  • CVE-2023-39175Jul 25, 2023
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible

  • CVE-2023-39174Jul 25, 2023
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers

  • CVE-2023-39173Jul 25, 2023
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access

  • CVE-2023-38069Jul 12, 2023
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases

  • CVE-2023-38068Jul 12, 2023
    risk 0.00cvss epss 0.00

    In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms

  • CVE-2023-38067Jul 12, 2023
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log

  • CVE-2023-38066Jul 12, 2023
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads

  • CVE-2023-38065Jul 12, 2023
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible

  • CVE-2023-38064Jul 12, 2023
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log

  • CVE-2023-38063Jul 12, 2023
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible

  • CVE-2023-38062Jul 12, 2023
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations

  • CVE-2023-38061Jul 12, 2023
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible

Page 5 of 12