Vendor CVEs
JetBrains
All CVEs
564 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1313 |  |  | 0.00 | — | 0.01 |  | Jun 29, 2023 | JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request. |
| CVE-2023-35054 |  |  | 0.00 | — | 0.01 |  | Jun 12, 2023 | In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible |
| CVE-2023-35053 |  |  | 0.00 | — | 0.01 |  | Jun 12, 2023 | In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms |
| CVE-2023-34339 |  |  | 0.00 | — | 0.00 |  | Jun 1, 2023 | In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message |
| CVE-2023-34229 |  |  | 0.00 | — | 0.01 |  | May 31, 2023 | In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible |
| CVE-2023-34228 |  |  | 0.00 | — | 0.00 |  | May 31, 2023 | In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions |
| CVE-2023-34227 |  |  | 0.00 | — | 0.01 |  | May 31, 2023 | In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks |
| CVE-2023-34226 |  |  | 0.00 | — | 0.01 |  | May 31, 2023 | In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible |
| CVE-2023-34225 |  |  | 0.00 | — | 0.61 |  | May 31, 2023 | In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible |
| CVE-2023-34224 |  |  | 0.00 | — | 0.00 |  | May 31, 2023 | In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible |
| CVE-2023-34223 |  |  | 0.00 | — | 0.01 |  | May 31, 2023 | In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases |
| CVE-2023-34222 |  |  | 0.00 | — | 0.01 |  | May 31, 2023 | In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible |
| CVE-2023-34221 |  |  | 0.00 | — | 0.01 |  | May 31, 2023 | In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible |
| CVE-2023-34220 |  |  | 0.00 | — | 0.61 |  | May 31, 2023 | In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible |
| CVE-2023-34219 |  |  | 0.00 | — | 0.00 |  | May 31, 2023 | In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API |
| CVE-2023-34218 |  |  | 0.00 | — | 0.01 |  | May 31, 2023 | In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible |
| CVE-2022-48481 |  |  | 0.00 | — | 0.00 |  | Apr 28, 2023 | In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible |
| CVE-2022-48477 |  |  | 0.00 | — | 0.00 |  | Apr 24, 2023 | In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing |
| CVE-2022-48476 |  |  | 0.00 | — | 0.01 |  | Apr 24, 2023 | In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible |
| CVE-2022-48435 |  |  | 0.00 | — | 0.00 |  | Apr 4, 2023 | In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file |
| CVE-2022-48433 |  |  | 0.00 | — | 0.01 |  | Mar 29, 2023 | In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. |
| CVE-2022-48432 |  |  | 0.00 | — | 0.00 |  | Mar 29, 2023 | In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed. |
| CVE-2022-48431 |  |  | 0.00 | — | 0.00 |  | Mar 29, 2023 | In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation. |
| CVE-2022-48430 |  |  | 0.00 | — | 0.00 |  | Mar 29, 2023 | In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview. |
| CVE-2022-48429 |  |  | 0.00 | — | 0.01 |  | Mar 27, 2023 | In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible |
| CVE-2022-48428 |  |  | 0.00 | — | 0.68 |  | Mar 27, 2023 | In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible |
| CVE-2022-48427 |  |  | 0.00 | — | 0.01 |  | Mar 27, 2023 | In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible |
| CVE-2022-48426 |  |  | 0.00 | — | 0.01 |  | Mar 27, 2023 | In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible |
| CVE-2022-48344 |  |  | 0.00 | — | 0.00 |  | Feb 23, 2023 | In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process. |
| CVE-2022-48343 |  |  | 0.00 | — | 0.59 |  | Feb 23, 2023 | In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process. |
| CVE-2022-48342 |  |  | 0.00 | — | 0.00 |  | Feb 23, 2023 | In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents. |
| CVE-2022-47896 |  |  | 0.00 | — | 0.00 |  | Dec 22, 2022 | In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks. |
| CVE-2022-47895 |  |  | 0.00 | — | 0.00 |  | Dec 22, 2022 | In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files. |
| CVE-2022-46831 |  |  | 0.00 | — | 0.00 |  | Dec 8, 2022 | In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators. |
| CVE-2022-46830 |  |  | 0.00 | — | 0.00 |  | Dec 8, 2022 | In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. |
| CVE-2022-46829 |  |  | 0.00 | — | 0.00 |  | Dec 8, 2022 | In JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented. |
| CVE-2022-46828 |  |  | 0.00 | — | 0.00 |  | Dec 8, 2022 | In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. |
| CVE-2022-46827 |  |  | 0.00 | — | 0.00 |  | Dec 8, 2022 | In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. |
| CVE-2022-46826 |  |  | 0.00 | — | 0.00 |  | Dec 8, 2022 | In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. |
| CVE-2022-46825 |  |  | 0.00 | — | 0.00 |  | Dec 8, 2022 | In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. |
| CVE-2022-46824 |  |  | 0.00 | — | 0.00 |  | Dec 8, 2022 | In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. |
| CVE-2022-45471 |  |  | 0.00 | — | 0.01 |  | Nov 18, 2022 | In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address |
| CVE-2022-44622 |  |  | 0.00 | — | 0.00 |  | Nov 3, 2022 | In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive |
| CVE-2022-44623 |  |  | 0.00 | — | 0.01 |  | Nov 3, 2022 | In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings |
| CVE-2022-44646 |  |  | 0.00 | — | 0.00 |  | Nov 3, 2022 | In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings |
| CVE-2022-44624 |  |  | 0.00 | — | 0.01 |  | Nov 3, 2022 | In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters |
| CVE-2022-40979 |  |  | 0.00 | — | 0.00 |  | Sep 23, 2022 | In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable |
| CVE-2022-40978 |  |  | 0.00 | — | 0.00 |  | Sep 19, 2022 | The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking |
| CVE-2022-38180 |  |  | 0.00 | — | 0.01 |  | Aug 12, 2022 | In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases |
| CVE-2022-38179 |  |  | 0.00 | — | 0.00 |  | Aug 12, 2022 | JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack |