Vendor CVEs
JetBrains
All CVEs
564 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-38133 | | | 0.00 | — | 0.00 | | Aug 10, 2022 | In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases |
| CVE-2022-37396 | | | 0.00 | — | 0.00 | | Aug 3, 2022 | In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution |
| CVE-2022-37010 | | | 0.00 | — | 0.00 | | Jul 28, 2022 | In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed |
| CVE-2022-37009 | | | 0.00 | — | 0.00 | | Jul 28, 2022 | In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible |
| CVE-2022-36322 | | | 0.00 | — | 0.01 | | Jul 20, 2022 | In JetBrains TeamCity before 2022.04.2 build parameter injection was possible |
| CVE-2022-36321 | | | 0.00 | — | 0.02 | | Jul 20, 2022 | In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases |
| CVE-2022-34894 | | | 0.00 | — | 0.01 | | Jul 1, 2022 | In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services |
| CVE-2022-29930 | | | 0.00 | — | 0.01 | | May 12, 2022 | SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1. |
| CVE-2022-29929 | | | 0.00 | — | 0.00 | | May 12, 2022 | In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible |
| CVE-2022-29928 | | | 0.00 | — | 0.00 | | May 12, 2022 | In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible |
| CVE-2022-29927 | | | 0.00 | — | 0.01 | | May 12, 2022 | In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible |
| CVE-2022-29821 | | | 0.00 | — | 0.00 | | Apr 28, 2022 | In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible |
| CVE-2022-29820 | | | 0.00 | — | 0.00 | | Apr 28, 2022 | In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible |
| CVE-2022-29819 | | | 0.00 | — | 0.00 | | Apr 28, 2022 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible |
| CVE-2022-29818 | | | 0.00 | — | 0.00 | | Apr 28, 2022 | In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed |
| CVE-2022-29817 | | | 0.00 | — | 0.00 | | Apr 28, 2022 | In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible |
| CVE-2022-29816 | | | 0.00 | — | 0.00 | | Apr 28, 2022 | In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible |
| CVE-2022-29815 | | | 0.00 | — | 0.00 | | Apr 28, 2022 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible |
| CVE-2022-29814 | | | 0.00 | — | 0.00 | | Apr 28, 2022 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible |
| CVE-2022-29813 | | | 0.00 | — | 0.00 | | Apr 28, 2022 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible |
| CVE-2022-29812 | | | 0.00 | — | 0.00 | | Apr 28, 2022 | In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient |
| CVE-2022-29811 | | | 0.00 | — | 0.00 | | Apr 28, 2022 | In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. |
| CVE-2022-29035 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations |
| CVE-2022-28651 | | | 0.00 | — | 0.00 | | Apr 5, 2022 | In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields |
| CVE-2022-28650 | | | 0.00 | — | 0.01 | | Apr 5, 2022 | In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI |
| CVE-2022-28649 | | | 0.00 | — | 0.00 | | Apr 5, 2022 | In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description |
| CVE-2022-28648 | | | 0.00 | — | 0.01 | | Apr 5, 2022 | In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered |
| CVE-2022-24442 | | | 0.00 | — | 0.04 | | Feb 25, 2022 | JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. |
| CVE-2022-25259 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. |
| CVE-2022-25260 | | | 0.00 | — | 0.02 | | Feb 25, 2022 | JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). |
| CVE-2022-25261 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. |
| CVE-2022-25262 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. |
| CVE-2022-25263 | | | 0.00 | — | 0.02 | | Feb 25, 2022 | JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. |
| CVE-2022-25264 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. |
| CVE-2021-45977 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm… |
| CVE-2022-24347 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. |
| CVE-2022-24346 | | | 0.00 | — | 0.00 | | Feb 25, 2022 | In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. |
| CVE-2022-24345 | | | 0.00 | — | 0.00 | | Feb 25, 2022 | In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible. |
| CVE-2022-24344 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. |
| CVE-2022-24343 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. |
| CVE-2022-24342 | | | 0.00 | — | 0.03 | | Feb 25, 2022 | In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. |
| CVE-2022-24341 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user. |
| CVE-2022-24340 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. |
| CVE-2022-24339 | | | 0.00 | — | 0.00 | | Feb 25, 2022 | JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. |
| CVE-2022-24338 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. |
| CVE-2022-24337 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. |
| CVE-2022-24336 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. |
| CVE-2022-24335 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. |
| CVE-2022-24334 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. |
| CVE-2022-24333 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. |