Vendor CVEs
JetBrains
All CVEs
564 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-24332 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie. |
| CVE-2022-24331 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. |
| CVE-2022-24330 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. |
| CVE-2022-24328 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. |
| CVE-2022-24327 | | | 0.00 | — | 0.01 | | Feb 25, 2022 | In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. |
| CVE-2021-43202 | | | 0.00 | — | 0.01 | | Nov 30, 2021 | In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases. |
| CVE-2021-43180 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. |
| CVE-2021-43182 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. |
| CVE-2021-43181 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains Hub before 2021.1.13690, stored XSS is possible. |
| CVE-2021-43183 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. |
| CVE-2021-43203 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. |
| CVE-2021-43194 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains TeamCity before 2021.1.2, user enumeration was possible. |
| CVE-2021-43193 | | | 0.00 | — | 0.02 | | Nov 9, 2021 | In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. |
| CVE-2021-43196 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible. |
| CVE-2021-43195 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing. |
| CVE-2021-43197 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS. |
| CVE-2021-43199 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient. |
| CVE-2021-43198 | | | 0.00 | — | 0.00 | | Nov 9, 2021 | In JetBrains TeamCity before 2021.1.2, stored XSS is possible. |
| CVE-2021-43200 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient. |
| CVE-2021-43201 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project. |
| CVE-2021-43187 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information. |
| CVE-2021-43188 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete. |
| CVE-2021-43189 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains YouTrack Mobile before 2021.2, access token protection on Android is incomplete. |
| CVE-2021-43190 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible. |
| CVE-2021-43192 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible. |
| CVE-2021-43191 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS. |
| CVE-2021-43184 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. |
| CVE-2021-43185 | | | 0.00 | — | 0.02 | | Nov 9, 2021 | JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. |
| CVE-2021-43186 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS. |
| CVE-2021-37554 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. |
| CVE-2021-37553 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. |
| CVE-2021-37551 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. |
| CVE-2021-37552 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. |
| CVE-2021-37550 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. |
| CVE-2021-37549 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient. |
| CVE-2021-37548 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. |
| CVE-2021-37547 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. |
| CVE-2021-37546 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. |
| CVE-2021-37545 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. |
| CVE-2021-37544 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. |
| CVE-2021-37542 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains TeamCity before 2020.2.3, XSS was possible. |
| CVE-2021-37543 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. |
| CVE-2021-37541 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. |
| CVE-2021-37540 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. |
| CVE-2021-36209 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. |
| CVE-2021-31897 | | | 0.00 | — | 0.02 | | May 11, 2021 | In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects. |
| CVE-2021-31898 | | | 0.00 | — | 0.01 | | May 11, 2021 | In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS. |
| CVE-2021-30482 | | | 0.00 | — | 0.01 | | May 11, 2021 | In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly |
| CVE-2021-31915 | | | 0.00 | — | 0.03 | | May 11, 2021 | In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. |
| CVE-2021-31914 | | | 0.00 | — | 0.02 | | May 11, 2021 | In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible. |
Page 8 of 12