JetBrains

All CVEs

564 total · sorted by risk
  • CVE-2022-24332 · Feb 25, 2022
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.

  • CVE-2022-24331 · Feb 25, 2022
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

  • CVE-2022-24330 · Feb 25, 2022
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.

  • CVE-2022-24328 · Feb 25, 2022
    risk 0.00 · cvss · epss 0.01

    In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.

  • CVE-2022-24327 · Feb 25, 2022
    risk 0.00 · cvss · epss 0.01

    In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.

  • CVE-2021-43202 · Nov 30, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.

  • CVE-2021-43180 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.

  • CVE-2021-43182 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.

  • CVE-2021-43181 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains Hub before 2021.1.13690, stored XSS is possible.

  • CVE-2021-43183 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.

  • CVE-2021-43203 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.

  • CVE-2021-43194 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2021.1.2, user enumeration was possible.

  • CVE-2021-43193 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.02

    In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.

  • CVE-2021-43196 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.

  • CVE-2021-43195 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.

  • CVE-2021-43197 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.

  • CVE-2021-43199 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.

  • CVE-2021-43198 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2021.1.2, stored XSS is possible.

  • CVE-2021-43200 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.

  • CVE-2021-43201 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.

  • CVE-2021-43187 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information.

  • CVE-2021-43188 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete.

  • CVE-2021-43189 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack Mobile before 2021.2, access token protection on Android is incomplete.

  • CVE-2021-43190 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible.

  • CVE-2021-43192 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible.

  • CVE-2021-43191 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    JetBrains YouTrack Mobile before 2021.2 is missing the security screen on Android and iOS.

  • CVE-2021-43184 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.

  • CVE-2021-43185 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.02

    JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.

  • CVE-2021-43186 · Nov 9, 2021
    risk 0.00 · cvss · epss 0.01

    JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.

  • CVE-2021-37554 · Aug 6, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.

  • CVE-2021-37553 · Aug 6, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.

  • CVE-2021-37551 · Aug 6, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.

  • CVE-2021-37552 · Aug 6, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.

  • CVE-2021-37550 · Aug 6, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.

  • CVE-2021-37549 · Aug 6, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.

  • CVE-2021-37548 · Aug 6, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.

  • CVE-2021-37547 · Aug 6, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.

  • CVE-2021-37546 · Aug 6, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.

  • CVE-2021-37545 · Aug 6, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.

  • CVE-2021-37544 · Aug 6, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.

  • CVE-2021-37542 · Aug 6, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2020.2.3, XSS was possible.

  • CVE-2021-37543 · Aug 6, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects.

  • CVE-2021-37541 · Aug 6, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.

  • CVE-2021-37540 · Aug 6, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.

  • CVE-2021-36209 · Aug 6, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.

  • CVE-2021-31897 · May 11, 2021
    risk 0.00 · cvss · epss 0.02

    In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.

  • CVE-2021-31898 · May 11, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS.

  • CVE-2021-30482 · May 11, 2021
    risk 0.00 · cvss · epss 0.01

    In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly.

  • CVE-2021-31915 · May 11, 2021
    risk 0.00 · cvss · epss 0.03

    In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.

  • CVE-2021-31914 · May 11, 2021
    risk 0.00 · cvss · epss 0.02

    In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.
