JetBrains

All CVEs

564 total · sorted by risk
  • CVE-2015-1313 · Jun 29, 2023
    risk 0.00 · cvss · epss 0.01

    JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.

  • CVE-2023-35054 · Jun 12, 2023
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible

  • CVE-2023-35053 · Jun 12, 2023
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms

  • CVE-2023-34339 · Jun 1, 2023
    risk 0.00 · cvss · epss 0.00

    In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message

  • CVE-2023-34229 · May 31, 2023
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible

  • CVE-2023-34228 · May 31, 2023
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions

  • CVE-2023-34227 · May 31, 2023
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks

  • CVE-2023-34226 · May 31, 2023
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible

  • CVE-2023-34225 · May 31, 2023
    risk 0.00 · cvss · epss 0.61

    In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible

  • CVE-2023-34224 · May 31, 2023
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2023.05 open redirect during OAuth configuration was possible

  • CVE-2023-34223 · May 31, 2023
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases

  • CVE-2023-34222 · May 31, 2023
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible

  • CVE-2023-34221 · May 31, 2023
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible

  • CVE-2023-34220 · May 31, 2023
    risk 0.00 · cvss · epss 0.61

    In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible

  • CVE-2023-34219 · May 31, 2023
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API

  • CVE-2023-34218 · May 31, 2023
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible

  • CVE-2022-48481 · Apr 28, 2023
    risk 0.00 · cvss · epss 0.00

    In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible

  • CVE-2022-48477 · Apr 24, 2023
    risk 0.00 · cvss · epss 0.00

    In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing

  • CVE-2022-48476 · Apr 24, 2023
    risk 0.00 · cvss · epss 0.01

    In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible

  • CVE-2022-48435 · Apr 4, 2023
    risk 0.00 · cvss · epss 0.00

    In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file

  • CVE-2022-48433 · Mar 29, 2023
    risk 0.00 · cvss · epss 0.01

    In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.

  • CVE-2022-48432 · Mar 29, 2023
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.

  • CVE-2022-48431 · Mar 29, 2023
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.

  • CVE-2022-48430 · Mar 29, 2023
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.

  • CVE-2022-48429 · Mar 27, 2023
    risk 0.00 · cvss · epss 0.01

    In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible

  • CVE-2022-48428 · Mar 27, 2023
    risk 0.00 · cvss · epss 0.68

    In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible

  • CVE-2022-48427 · Mar 27, 2023
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible

  • CVE-2022-48426 · Mar 27, 2023
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible

  • CVE-2022-48344 · Feb 23, 2023
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.

  • CVE-2022-48343 · Feb 23, 2023
    risk 0.00 · cvss · epss 0.59

    In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

  • CVE-2022-48342 · Feb 23, 2023
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2022.10.2 JVMTI was enabled by default on agents.

  • CVE-2022-47896 · Dec 22, 2022
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.

  • CVE-2022-47895 · Dec 22, 2022
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.

  • CVE-2022-46831 · Dec 8, 2022
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

  • CVE-2022-46830 · Dec 8, 2022
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.

  • CVE-2022-46829 · Dec 8, 2022
    risk 0.00 · cvss · epss 0.00

    In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.

  • CVE-2022-46828 · Dec 8, 2022
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.

  • CVE-2022-46827 · Dec 8, 2022
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.

  • CVE-2022-46826 · Dec 8, 2022
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.

  • CVE-2022-46825 · Dec 8, 2022
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.

  • CVE-2022-46824 · Dec 8, 2022
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.

  • CVE-2022-45471 · Nov 18, 2022
    risk 0.00 · cvss · epss 0.01

    In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address

  • CVE-2022-44622 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive

  • CVE-2022-44623 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings

  • CVE-2022-44646 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings

  • CVE-2022-44624 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters

  • CVE-2022-40979 · Sep 23, 2022
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable

  • CVE-2022-40978 · Sep 19, 2022
    risk 0.00 · cvss · epss 0.00

    The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking

  • CVE-2022-38180 · Aug 12, 2022
    risk 0.00 · cvss · epss 0.01

    In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases

  • CVE-2022-38179 · Aug 12, 2022
    risk 0.00 · cvss · epss 0.00

    JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack
