Fixed security issues

This page lists resolved security issues, including their description, severity, associated CVE, and the product versions in which they were fixed.

| Product | Description | Severity | Fixed in | CWE | CVE |
|---|---|---|---|---|---|
| TeamCity | Several DOM-based XSS were possible on the Code Inspection Report tab (TW-87505) | Medium | 2024.12.2 | CWE-79 | CVE-2025-26493 |
| TeamCity | Improper Kubernetes connection settings could expose sensitive resources (TW-91106) | High | 2024.12.2 | CWE-522 | CVE-2025-26492 |
| dotTrace | Local Privilege Escalation via the ETW Host Service was possible (DTRC-31503) | High | 2024.3.4, 2024.2.8, 2024.1.7 | CWE-114 | CVE-2025-23385 |
| ETW Host Service | Local Privilege Escalation via the ETW Host Service was possible (DTRC-31503) | High | 16.43 | CWE-114 | CVE-2025-23385 |
| ReSharper | Local Privilege Escalation via the ETW Host Service was possible (DTRC-31503) | High | 2024.3.4, 2024.2.8, 2024.1.7 | CWE-114 | CVE-2025-23385 |
| Rider | Local Privilege Escalation via the ETW Host Service was possible (DTRC-31503) | High | 2024.3.4, 2024.2.8, 2024.1.7 | CWE-114 | CVE-2025-23385 |
| Hub | Privilege escalation was possible via LDAP authentication mapping. Reported by Pavel Supruniuk (HUB-12012) | Medium | 2024.3.55417 | CWE-288 | CVE-2025-24456 |
| TeamCity | Reflected XSS was possible on the Vault Connection page (TW-91124) | Medium | 2024.12.1 | CWE-79 | CVE-2025-24459 |
| TeamCity | Improper access control allowed project names in the agent pool to be seen (TW-52375, TW-91367) | Medium | 2024.12.1 | CWE-863 | CVE-2025-24460 |
| TeamCity | Decryption of connection secrets without proper permissions was possible via the Test Connection endpoint (TW-91164) | Medium | 2024.12.1 | CWE-862 | CVE-2025-24461 |
| YouTrack | Permanent tokens could be exposed in logs. Reported by Dmitriy Titarenko (JT-86763) | Medium | 2024.3.55417 | CWE-532 | CVE-2025-24457 |
| YouTrack | Account takeover was possible via spoofed email and Helpdesk integration (JT-85444) | High | 2024.3.55417 | CWE-290 | CVE-2025-24458 |
| TeamCity | Improper access control allowed viewing details of unauthorized agents (TW-85841) | Medium | 2024.12 | CWE-863 | CVE-2024-56348 |
| TeamCity | Improper access control allowed unauthorized users to modify build logs (TW-90726) | Medium | 2024.12 | CWE-862 | CVE-2024-56349 |
| TeamCity | Build credentials allowed unauthorized viewing of projects (TW-24904) | Medium | 2024.12 | CWE-863 | CVE-2024-56350 |
| TeamCity | Access tokens were not revoked after removing user roles (TW-76910) | Medium | 2024.12 | CWE-613 | CVE-2024-56351 |
| TeamCity | Stored XSS was possible via image name on the agent details page (TW-89485) | Medium | 2024.12 | CWE-79 | CVE-2024-56352 |
| TeamCity | Backup file exposed user credentials and session cookies. Reported by Thomas Siegbert (TW-89719) | Medium | 2024.12 | CWE-212 | CVE-2024-56353 |
| TeamCity | Password field values were accessible to users with view settings permission (TW-49870) | Medium | 2024.12 | CWE-522 | CVE-2024-56354 |
| TeamCity | Missing Content-Type header in RemoteBuildLogController response could lead to XSS (TW-80940) | Medium | 2024.12 | CWE-79 | CVE-2024-56355 |
| TeamCity | Insecure XMLParser configuration could lead to a potential XXE attack (TW-86582) | Medium | 2024.12 | CWE-611 | CVE-2024-56356 |
| YouTrack | Unauthenticated database backup download was possible via a vulnerable query parameter (JT-85385) | Low | 2024.3.51866 | CWE-862 | CVE-2024-54153 |
| YouTrack | System takeover was possible through path traversal in the plugin sandbox (JT-85298) | High | 2024.3.51866 | CWE-23 | CVE-2024-54154 |
| YouTrack | Improper access control allowed listing of project names during app import without authentication. Reported by Tom Gionfriddo (JT-85830) | Low | 2024.3.51866 | CWE-862 | CVE-2024-54155 |
| YouTrack | Multiple merge functions were vulnerable to prototype pollution (JT-85614) | Medium | 2024.3.52635 | CWE-1321 | CVE-2024-54156 |
| YouTrack | Potential ReDoS was possible due to a vulnerable RegExp in the Ruby syntax detector (JT-85443) | Medium | 2024.3.52635 | CWE-1333 | CVE-2024-54157 |
| YouTrack | Potential spoofing attack was possible via lack of Punycode encoding (JT-85607) | Low | 2024.3.52635 | CWE-173 | CVE-2024-54158 |
| WebStorm | Code execution in Untrusted Project mode was possible via the type definitions installer script. Reported by Ramast Magdy (WEB-69576) | Medium | 2024.3 | CWE-349 | CVE-2024-52555 |
| Hub | Improper access control allowed users to generate permanent tokens for unauthorized services (HUB-11932) | Medium | 2024.3.47707 | CWE-862 | CVE-2024-50573 |
| YouTrack | Potential ReDoS exploit was possible via email header parsing in Helpdesk functionality (JT-85386) | Medium | 2024.3.47707 | CWE-1333 | CVE-2024-50574 |
| YouTrack | Reflected XSS was possible in the Widget API (JT-85387) | Medium | 2024.3.47707 | CWE-79 | CVE-2024-50575 |
| YouTrack | Stored XSS was possible via vendor URL in the App manifest (JT-85389) | Medium | 2024.3.47707 | CWE-79 | CVE-2024-50576 |
| YouTrack | Stored XSS was possible via Angular template injection in Hub settings (JT-85384) | Medium | 2024.3.47707 | CWE-79 | CVE-2024-50577 |
| YouTrack | Stored XSS was possible via sprint value on the agile boards page (JT-85299) | Medium | 2024.3.47707 | CWE-79 | CVE-2024-50578 |
| YouTrack | Reflected XSS due to insecure link sanitization was possible (JT-85383) | Medium | 2024.3.47707 | CWE-79 | CVE-2024-50579 |
| YouTrack | Multiple XSS were possible due to insecure markdown parsing and a custom rendering rule (JT-85295) | Medium | 2024.3.47707 | CWE-79 | CVE-2024-50580 |
| YouTrack | Improper HTML sanitization could lead to XSS via comment tag (JT-85296) | Medium | 2024.3.47707 | CWE-79 | CVE-2024-50581 |
| YouTrack | Stored XSS was possible due to improper HTML sanitization in markdown elements (JT-85297) | Medium | 2024.3.47707 | CWE-79 | CVE-2024-50582 |
| Ktor | Improper caching in the HttpCache Plugin could lead to response information disclosure. Reported by Nils Barlaug (KTOR-7483) | Medium | 2.3.13 | CWE-524 | CVE-2024-49580 |
| YouTrack | Insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests (JT-85294) | High | 2024.3.47197 | CWE-940 | CVE-2024-49579 |
| YouTrack | Improper access control allowed users with project update permission to delete applications via API | Medium | 2024.3.46677 | CWE-862 | CVE-2024-48902 |
| TeamCity | Password could be exposed via the Sonar runner REST API (TW-64557) | Medium | 2024.07.3 | CWE-522 | CVE-2024-47161 |
| TeamCity | Path traversal leading to information disclosure was possible via server backups. Reported by Thomas Siegbert (TW-89721) | Medium | 2024.07.3 | CWE-23 | CVE-2024-47948 |
| TeamCity | Path traversal allowed a backup file to be written to an arbitrary location. Reported by Thomas Siegbert (TW-89723) | Medium | 2024.07.3 | CWE-23 | CVE-2024-47949 |
| TeamCity | Stored XSS was possible in Backup configuration settings. Reported by Thomas Siegbert (TW-89700) | Low | 2024.07.3 | CWE-79 | CVE-2024-47950 |
| TeamCity | Stored XSS was possible via server global settings (TW-88983) | Low | 2024.07.3 | CWE-79 | CVE-2024-47951 |
| YouTrack | A user without appropriate permissions could restore workflows attached to a project (JT-82431) | Medium | 2024.3.44799 | CWE-863 | CVE-2024-47159 |
| YouTrack | Access to global app config data without appropriate permissions was possible (JT-81376) | Medium | 2024.3.44799 | CWE-863 | CVE-2024-47160 |
| YouTrack | Token could be revealed on the Imports page (JT-82142) | Medium | 2024.3.44799 | CWE-522 | CVE-2024-47162 |
| IntelliJ IDEA | HTML injection via the project name was possible (IJPL-8358) | Low | 2024.1 | CWE-79 | CVE-2024-46970 |
| TeamCity | Possible privilege escalation due to incorrect directory permissions. Reported by Crispr Xiang from TianShu Dubhe Team (TW-87656) | High | 2024.07.1 | CWE-276 | CVE-2024-43114 |
| TeamCity | Multiple stored XSS were possible on the Clouds page (TW-85512) | Medium | 2024.07.1 | CWE-79 | CVE-2024-43807 |
| TeamCity | Self XSS was possible in the HashiCorp Vault plugin (TW-84492) | Low | 2024.07.1 | CWE-79 | CVE-2024-43808 |
| TeamCity | Reflected XSS was possible on the agentPushPreset page (TW-84016) | Low | 2024.07.1 | CWE-79 | CVE-2024-43809 |
| TeamCity | Reflected XSS was possible in the AWS Core plugin (TW-86958) | Medium | 2024.07.1 | CWE-79 | CVE-2024-43810 |
| TeamCity | Parameters of the "password" type could leak into the build log in some specific cases (TW-67957) | Medium | 2024.07 | CWE-532 | CVE-2024-41824 |
| TeamCity | Stored XSS was possible on the Code Inspection tab (TW-83483) | Medium | 2024.07 | CWE-79 | CVE-2024-41825 |
| TeamCity | Stored XSS was possible on the Show Connection page (TW-86935) | Low | 2024.07 | CWE-79 | CVE-2024-41826 |
| TeamCity | Access tokens could continue working after deletion or expiration (TW-76857) | High | 2024.07 | CWE-613 | CVE-2024-41827 |
| TeamCity | Comparison of authorization tokens took non-constant time (TW-85815) | Low | 2024.07 | CWE-208 | CVE-2024-41828 |
| TeamCity | An OAuth code for JetBrains Space could be stolen via the Space Application connection (TW-84124) | Low | 2024.07 | CWE-303 | CVE-2024-41829 |
| TeamCity | Private key could be exposed via testing a GitHub App Connection (TW-88255) | Medium | 2024.03.3 | CWE-522 | CVE-2024-39878 |
| TeamCity | Application token could be exposed in EC2 Cloud Profile settings (TW-88399) | Medium | 2024.03.3 | CWE-522 | CVE-2024-39879 |
| Hub | Stored XSS via project description was possible. Reported by Krzysztof Kamiński (HUB-11601) | Low | 2024.2.34646 | CWE-79 | CVE-2024-38507 |
| YouTrack | The Guest User Account was enabled for attaching files to articles (JT-81902) | Medium | 2024.2.34646 | CWE-862 | CVE-2024-38504 |
| YouTrack | User access token was sent to a third-party site. Reported by Sergey Zotov (JT-81798) | Medium | 2024.2.34646 | CWE-522 | CVE-2024-38505 |
| YouTrack | A user without appropriate permissions could enable the auto-attach option for workflows (JT-81214) | Medium | 2024.2.34646 | CWE-862 | CVE-2024-38506 |
| Aqua | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2024.1.2 | CWE-522 | CVE-2024-37051 |
| CLion | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2 | CWE-522 | CVE-2024-37051 |
| DataGrip | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4 | CWE-522 | CVE-2024-37051 |
| DataSpell | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1 | CWE-522 | CVE-2024-37051 |
| GoLand | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3 | CWE-522 | CVE-2024-37051 |
| IntelliJ IDEA | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3 | CWE-522 | CVE-2024-37051 |
| MPS | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.2.1, 2023.3.1, 2024.1 EAP2 | CWE-522 | CVE-2024-37051 |
| PhpStorm | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3 | CWE-522 | CVE-2024-37051 |
| PyCharm | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2 | CWE-522 | CVE-2024-37051 |
| Rider | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3 | CWE-522 | CVE-2024-37051 |
| RubyMine | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4 | CWE-522 | CVE-2024-37051 |
| RustRover | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2024.1.1 | CWE-522 | CVE-2024-37051 |
| WebStorm | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4 | CWE-522 | CVE-2024-37051 |
| TeamCity | Path traversal allowing files to be read from the server was possible (TW-87898) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 | CWE-23 | CVE-2024-36362 |
| TeamCity | Several stored XSS in code inspection reports were possible (TW-83495) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36363 |
| TeamCity | Improper access control in the Pull Requests and Commit status publisher build features was possible (TW-84931) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-863 | CVE-2024-36364 |
| TeamCity | A third-party agent could impersonate a cloud agent (TW-87450) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 | CWE-863 | CVE-2024-36365 |
| TeamCity | An XSS could be executed via certain report grouping and filtering operations (TW-83893) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36366 |
| TeamCity | Stored XSS via third-party reports was possible (TW-83270) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36367 |
| TeamCity | Reflected XSS via OAuth provider configuration was possible (TW-83485) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36368 |
| TeamCity | Stored XSS via issue tracker integration was possible (TW-83149) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36369 |
| TeamCity | Stored XSS via OAuth connection settings was possible (TW-83658) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36370 |
| TeamCity | Stored XSS in Commit status publisher was possible (TW-84958) | Medium | 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36371 |
| TeamCity | Reflected XSS on the subscriptions page was possible (TW-83892) | Medium | 2023.05.6 | CWE-79 | CVE-2024-36372 |
| TeamCity | Several stored XSS in untrusted builds settings were possible (TW-87421) | Medium | 2024.03.2 | CWE-79 | CVE-2024-36373 |
| TeamCity | Stored XSS via build step settings was possible (TW-87381) | Medium | 2024.03.2 | CWE-79 | CVE-2024-36374 |
| TeamCity | Technical information regarding the TeamCity server could be exposed (TW-87468) | Medium | 2024.03.2 | CWE-209 | CVE-2024-36375 |
| TeamCity | Users could perform actions that should not be available to them based on their permissions (TW-83710) | Medium | 2024.03.2 | CWE-863 | CVE-2024-36376 |
| TeamCity | Certain TeamCity API endpoints did not check user permissions (TW-83647) | Medium | 2024.03.2 | CWE-863 | CVE-2024-36377 |
| TeamCity | Server was susceptible to DoS attacks with incorrect auth tokens (TW-87071) | Medium | 2024.03.2 | CWE-770 | CVE-2024-36378 |
| TeamCity | Authentication bypass was possible in specific edge cases even when the security patch plugin was installed (TW-86860) | High | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-288 | CVE-2024-36470 |
| TeamCity | Several stored XSS in the available updates page were possible (TW-87050) | Low | 2024.03.1 | CWE-79 | CVE-2024-35300 |
| TeamCity | Commit status publisher didn't check the project scope of the GitHub App token (TW-86523) | Medium | 2024.03.1 | CWE-280 | CVE-2024-35301 |
| TeamCity | Stored XSS during restore from backup was possible (TW-82309) | Medium | 2023.11 | CWE-79 | CVE-2024-35302 |
| YouTrack | The SMTPS protocol communication lacked proper certificate hostname validation. Reported by Yusuke Yamamoto (JT-80708) | Medium | 2024.1.29548 | CWE-295 | CVE-2024-35299 |
| TeamCity | Authenticated users without administrative permissions could register other users when self-registration was disabled (TW-87046) | Medium | 2024.03 | CWE-863 | CVE-2024-31134 |
| TeamCity | Open redirect was possible on the login page (TW-87062) | Medium | 2024.03 | CWE-601 | CVE-2024-31135 |
| TeamCity | 2FA could be bypassed by providing a special URL parameter (TW-86989) | High | 2024.03 | CWE-1288 | CVE-2024-31136 |
| TeamCity | Reflected XSS was possible via Space connection configuration. Reported by Linh Dinh (TW-86832) | Medium | 2024.03 | CWE-79 | CVE-2024-31137 |
| TeamCity | XSS was possible via Agent Distribution settings. Reported by Alex Williams from Trend Micro (TW-86535) | Medium | 2024.03 | CWE-79 | CVE-2024-31138 |
| TeamCity | XXE was possible in the Maven build steps detector (TW-86300) | Medium | 2024.03 | CWE-611 | CVE-2024-31139 |
| TeamCity | Server administrators could remove arbitrary files from the server by installing tools (TW-86039) | Medium | 2024.03 | CWE-1288 | CVE-2024-31140 |
| TeamCity | Users with access to the agent machine might obtain the permissions of the user running the agent process (TW-83048) | Medium | 2023.11 | CWE-749 | CVE-2024-29880 |
| YouTrack | Creating comments on behalf of an arbitrary user in HelpDesk was possible (JT-79678, JT-79719) | Medium | 2024.1.25893 | CWE-290 | CVE-2024-28228 |
| YouTrack | A user without appropriate permissions could restore issues and articles (JT-79924) | Medium | 2024.1.25893 | CWE-863 | CVE-2024-28229 |
| YouTrack | Attaching/detaching a workflow to a project was possible without project admin permissions (JT-79758) | Medium | 2024.1.25893 | CWE-862 | CVE-2024-28230 |
| TeamCity | Custom build parameters of the "password" type could be disclosed (TW-86403) | Medium | 2023.11.4 | CWE-201 | CVE-2024-28173 |
| TeamCity | Presigned URL generation requests in the S3 Artifact Storage plugin were authorized improperly (TW-85562) | Medium | 2023.11.4 | CWE-863 | CVE-2024-28174 |
| TeamCity | Authentication bypass allowing admin actions to be performed was possible. Reported by Rapid7 team (TW-86500) | Critical | 2023.11.4 | CWE-288 | CVE-2024-27198 |
| TeamCity | Path traversal allowing limited admin actions to be performed was possible. Reported by Rapid7 team (TW-86502) | High | 2023.11.4 | CWE-23 | CVE-2024-27199 |
| IntelliJ IDEA | Path traversal was possible when unpacking archives (IDEA-339542) | Low | 2023.3.3 | CWE-23 | CVE-2024-24940 |
| IntelliJ IDEA | A plugin for JetBrains Space was able to send an authentication token to an inappropriate URL (IDEA-337274) | Medium | 2023.3.3 | CWE-20 | CVE-2024-24941 |
| Rider | Logging of environment variables containing secret values was possible (RIDER-103340) | Low | 2023.3.3 | CWE-532 | CVE-2024-24939 |
| TeamCity | Path traversal allowed reading data within JAR archives. Reported by Sndav Bai and Crispr Xiang from TianShu Dubhe Team (TW-86017) | Medium | 2023.11.3 | CWE-23 | CVE-2024-24942 |
| TeamCity | Authentication bypass leading to RCE was possible. Reported by Sndav Bai and Crispr Xiang from TianShu Dubhe Team (TW-86005) | Critical | 2023.11.3 | CWE-288 | CVE-2024-23917 |
| Toolbox App | A DoS attack was possible via a malicious SVG image (TBX-9216) | Medium | 2.2 | CWE-400 | CVE-2024-24943 |
| TeamCity | Access control at the S3 Artifact Storage plugin endpoint was missing (TW-85499) | Medium | 2023.11.2 | CWE-285 | CVE-2024-24936 |
| TeamCity | Stored XSS via agent distribution was possible (TW-85880) | Medium | 2023.11.2 | CWE-79 | CVE-2024-24937 |
| TeamCity | Limited directory traversal was possible in the Kotlin DSL documentation (TW-85585) | Medium | 2023.11.2 | CWE-23 | CVE-2024-24938 |
| YouTrack | Stored XSS via markdown was possible. Reported by Sergei Zotov (JT-78995) | Medium | 2023.3.22666 | CWE-79 | CVE-2024-22370 |
| IntelliJ IDEA | Code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration (IDEA-320814) | Medium | 2023.3.2 | CWE-349 | CVE-2023-51655 |
| TeamCity | A CSRF on login was possible (TW-84796) | Medium | 2023.11.1 | CWE-352 | CVE-2023-50870 |
| YouTrack | Authorization check for inline comments inside thread replies was missing (JT-78444) | Medium | 2023.3.22268 | CWE-285 | CVE-2023-50871 |
| Ktor | Default configuration of ContentNegotiation with XML format was vulnerable to XXE. Reported by Ulf Karlsson (KTOR-6286, Pull Request) | High | 2.3.5 | CWE-611 | CVE-2023-45612 |
| Ktor | Server certificates were not verified (KTOR-6229, Pull Request) | Medium | 2.3.5 | CWE-295 | CVE-2023-45613 |
| TeamCity | Authentication bypass leading to RCE on TeamCity Server was possible. Reported by Stefan Schiller from Sonar (TW-83545) | Critical | 2023.05.4 | CWE-288 | CVE-2023-42793 |
| TeamCity | Stored XSS was possible during nodes configuration (TW-83216) | Low | 2023.05.4 | CWE-79 | CVE-2023-43566 |
| TeamCity | Stored XSS was possible during Cloud Profiles configuration (TW-82867, TW-82475) | Medium | 2023.05.3 | CWE-79 | CVE-2023-41248 |
| TeamCity | Reflected XSS was possible when copying a Build Step (TW-82869) | Medium | 2023.05.3 | CWE-79 | CVE-2023-41249 |
| TeamCity | Reflected XSS was possible during user registration (TW-82876) | Low | 2023.05.3 | CWE-79 | CVE-2023-41250 |
| IntelliJ IDEA | Plugin for Space was requesting excessive permissions (IDEA-321747) | Medium | 2023.2 | CWE-250 | CVE-2023-39261 |
| TeamCity | A token with limited permissions could be used to gain full account access (TW-82485) | Medium | 2023.05.2 | CWE-266 | CVE-2023-39173 |
| TeamCity | A ReDoS attack was possible via integration with issue trackers (TW-82283) | Medium | 2023.05.2 | CWE-1333 | CVE-2023-39174 |
| TeamCity | Reflected XSS via GitHub integration was possible (TW-82472) | Medium | 2023.05.2 | CWE-79 | CVE-2023-39175 |
| IntelliJ IDEA | License dialog could be suppressed in certain cases. Reported by Bilawal Imdad (IDEA-324171) | Low | 2023.1.4 | CWE-754 | CVE-2023-38069 |
| TeamCity | Stored XSS when using a custom theme was possible (TW-82270) | Medium | 2023.05.1 | CWE-79 | CVE-2023-38061 |
| TeamCity | Parameters of the "password" type could be shown in the UI in certain composite build configurations (TW-82022) | Medium | 2023.05.1 | CWE-200 | CVE-2023-38062 |
| TeamCity | Stored XSS while running custom builds was possible (TW-81723) | Medium | 2023.05.1 | CWE-79 | CVE-2023-38063 |
| TeamCity | Build chain parameters of the "password" type could be written to the agent log (TW-81846) | Medium | 2023.05.1 | CWE-532 | CVE-2023-38064 |
| TeamCity | Stored XSS while viewing the build log was possible (TW-81777) | Medium | 2023.05.1 | CWE-79 | CVE-2023-38065 |
| TeamCity | Reflected XSS via the Referer header was possible during artifact downloads (TW-80993) | Medium | 2023.05.1 | CWE-79 | CVE-2023-38066 |
| TeamCity | Build parameters of the "password" type could be written to the agent log (TW-80002) | Medium | 2023.05.1 | CWE-532 | CVE-2023-38067 |
| YouTrack | Captcha was not properly validated for Helpdesk forms (JT-75029) | Medium | 2023.1.16597 | CWE-799 | CVE-2023-38068 |
| YouTrack | A DoS attack was possible via Helpdesk forms (JT-75136) | High | 2023.1.10518 | CWE-400 | CVE-2023-35053 |
| YouTrack | Stored XSS in a Markdown-rendering engine was possible (JT-75230) | Medium | 2023.1.10518 | CWE-79 | CVE-2023-35054 |
| Ktor | Headers containing authentication data could be added to the exception's message (KTOR-5900, Pull Request) | Low | 2.3.1 | CWE-209 | CVE-2023-34339 |
| TeamCity | Bypass of permission checks allowing admin actions to be performed was possible. Reported by Isaac Peka (TW-81566) | Critical | 2023.05, 2022.10.4 | CWE-863 | CVE-2023-34218 |
| TeamCity | Improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via the REST API. Reported by Olof Lindberg (TW-80538) | Medium | 2023.05, 2022.10.4 | CWE-285 | CVE-2023-34219 |
| TeamCity | Stored XSS in the Commit Status Publisher window was possible (TW-80262) | Medium | 2023.05, 2022.10.4 | CWE-79 | CVE-2023-34220 |
| TeamCity | Stored XSS in the Show Connection page was possible (TW-81182) | Medium | 2023.05 | CWE-79 | CVE-2023-34221 |
| TeamCity | XSS in the Plugin Vendor URL was possible (TW-80378) | Medium | 2023.05 | CWE-79 | CVE-2023-34222 |
| TeamCity | Parameters of the "password" type from build dependencies could be logged in some cases (TW-81338) | Medium | 2023.05 | CWE-532 | CVE-2023-34223 |
| TeamCity | Open redirect during OAuth configuration was possible (TW-79888) | Medium | 2023.05 | CWE-601 | CVE-2023-34224 |
| TeamCity | Stored XSS in the NuGet feed page was possible (TW-81031) | Medium | 2023.05 | CWE-79 | CVE-2023-34225 |
| TeamCity | Reflected XSS in the Subscriptions page was possible (TW-80881) | Medium | 2023.05 | CWE-79 | CVE-2023-34226 |
| TeamCity | A specific endpoint was vulnerable to brute force attacks (TW-80842) | Medium | 2023.05, 2022.10.4 | CWE-749 | CVE-2023-34227 |
| TeamCity | Authentication checks were missing: 2FA was not checked for some sensitive account actions (TW-73544) | Medium | 2023.05 | CWE-308 | CVE-2023-34228 |
| TeamCity | Stored XSS in the GitLab Connection page was possible (TW-80174) | Medium | 2023.05, 2022.10.4 | CWE-79 | CVE-2023-34229 |
| Toolbox App | A DYLIB injection on macOS was possible. Reported by Dimitrie-Toma Furdui (TBX-9047) | Medium | 1.28 | CWE-691 | CVE-2022-48481 |
| Hub | SSRF protection in the Auth Module integration was missing (HUB-11380) | Medium | 2023.1.15725 | CWE-918 | CVE-2022-48477 |
| Ktor | Path traversal in the `resolveResource` method was possible. Reported by Vasco Franco (KTOR-5733, Pull Request) | High | 2.3.0 | CWE-35 | CVE-2022-48476 |
| PhpStorm | Source code could be logged in the local idea.log file (WI-71063) | Low | 2023.1 | CWE-532 | CVE-2022-48435 |
| IntelliJ IDEA | File content could be disclosed via an external stylesheet path in Markdown preview (IDEA-297583) | Medium | 2023.1 | CWE-200 | CVE-2022-48430 |
| IntelliJ IDEA | In some cases, Gradle and Maven projects could be imported without the "Trust Project" confirmation (IDEA-262839) | Medium | 2023.1 | CWE-345 | CVE-2022-48431 |
| IntelliJ IDEA | The bundled version of Chromium wasn't sandboxed (IDEA-284121) | Medium | 2023.1 | CWE-1188 | CVE-2022-48432 |
| IntelliJ IDEA | The NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server (IDEA-303249) | Medium | 2023.1 | CWE-522 | CVE-2022-48433 |
| Hub | Reflected XSS in dashboards was possible (HUB-11421) | Medium | 2022.3.15573, 2022.2.15572, 2022.1.15583 | CWE-79 | CVE-2022-48429 |
| TeamCity | Stored XSS in Perforce connection settings was possible (TW-79891) | Medium | 2022.10.3 | CWE-79 | CVE-2022-48426 |
| TeamCity | Stored XSS on the "Pending changes" and "Changes" tabs was possible (TW-80199) | Medium | 2022.10.3 | CWE-79 | CVE-2022-48427 |
| TeamCity | Stored XSS on the SSH keys page was possible (TW-80097) | Medium | 2022.10.3 | CWE-79 | CVE-2022-48428 |
| JetBrains Marketplace | There was a stored XSS vulnerability in the list of suggested plugins (MP-4822) | Medium | Not applicable | CWE-79 | Not applicable |
| JetBrains Marketplace | Throttling was not in place for comment creation. Reported by Keroles Magdy (MP-4857) | Low | Not applicable | CWE-770 | Not applicable |
| JetBrains Website | SSRF leading to AWS metadata disclosure was possible. Reported by Peter Af Geijerstam (JS-17660) | Medium | Not applicable | CWE-918 | Not applicable |
| JetBrains Website | Server version and stack trace were disclosed to unauthorized users (JS-16718) | Low | Not applicable | CWE-209 | Not applicable |
| JetBrains Website | It was possible to launch cookie bomb attacks, leading to DoS. Reported by Multansingh Medtiya (JS-17550) | Medium | Not applicable | CWE-703 | Not applicable |
| JetBrains Website | There was a reflected XSS vulnerability in the Space instance registration process. Reported by Rahul Karki (SPACE-17966) | Medium | Not applicable | CWE-79 | Not applicable |
| Space | Throttling was not in place for password reset. Reported by Hasan Khan (SPACE-17349) | Low | Not applicable | CWE-770 | Not applicable |
| TeamCity | JVMTI was enabled by default on agents. Reported by Hj Chai (TW-78552) | Medium | 2022.10.2 | CWE-1188 | CVE-2022-48342 |
| TeamCity | There was an XSS vulnerability in the user creation process (TW-78783) | Medium | 2022.10.2 | CWE-79 | CVE-2022-48343 |
| TeamCity | There was an XSS vulnerability in the group creation process (TW-78786) | Medium | 2022.10.2 | CWE-79 | CVE-2022-48344 |
| JetBrains Marketplace | Stored XSS in the list of plugin ideas (MP-4824) | Medium | Not applicable | CWE-79 | Not applicable |
| JetBrains Website | Reflected XSS in the JetBrains Blog (JS-16355) | Medium | Not applicable | CWE-79 | Not applicable |
| IntelliJ IDEA | The "Validate JSP File" action used the HTTP protocol to download required JAR files (IDEA-305732) | Medium | 2022.3.1 | CWE-319 | CVE-2022-47895 |
| IntelliJ IDEA | Code Templates were vulnerable to SSTI attacks. Reported by Krypton (IDEA-306345) | Medium | 2022.3.1 | CWE-1336 | CVE-2022-47896 |
| Space | The second authentication factor wasn't checked during password reset. Reported by Bharat (SPACE-15087) | Medium | Not applicable | CWE-304 | Not applicable |
| IntelliJ IDEA | A buffer overflow in the fsnotifier daemon on macOS was possible (IDEA-302494) | Medium | 2022.2.4 | CWE-120 | CVE-2022-46824 |
| IntelliJ IDEA | The built-in web server leaked information about open projects (IDEA-297741) | Medium | 2022.3 | CWE-200 | CVE-2022-46825 |
| IntelliJ IDEA | The built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability (IDEA-304713) | Medium | 2022.3 | CWE-35 | CVE-2022-46826 |
| IntelliJ IDEA | An XXE attack leading to SSRF via requests to custom plugin repositories was possible (IDEA-302855) | Low | 2022.3 | CWE-611 | CVE-2022-46827 |
| IntelliJ IDEA | A DYLIB injection on macOS was possible. Independently reported by Anthony Viriya and Kang Ali (IDEA-298179) | Medium | 2022.3 | CWE-691 | CVE-2022-46828 |
| JetBrains Gateway | A client could connect without a valid token if the host consented (GTW-1786) | High | 2022.3 | CWE-287 | CVE-2022-46829 |
| Space | Profiles were improperly added to random projects, including restricted ones | Medium | Not applicable | CWE-668 | Not applicable |
| TeamCity | A custom STS endpoint allowed internal port scanning (TW-78415) | Medium | 2022.10.1 | CWE-918 | CVE-2022-46830 |
| TeamCity | Connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators (TW-78416) | Medium | 2022.10.1 | CWE-453 | CVE-2022-46831 |
| Hub | Throttling was missing when sending emails to a particular email address. Reported by Keroles Magdy (HUB-11260) | Low | 2022.3.15181 | CWE-770 | CVE-2022-45471 |
| TeamCity Cloud | EBS storage objects were not encrypted (TCC-175) | Low | Not applicable | CWE-311 | Not applicable |
| TeamCity Cloud | Passwords for agent user accounts built from the same image were not randomized (TCC-188) | Medium | Not applicable | CWE-331 | Not applicable |
| TeamCity | Excessive access permissions for secure token health items (TW-73518) | Low | 2022.10 | CWE-284 | CVE-2022-44622 |
| TeamCity | Project Viewer could see scrambled secure values in the MetaRunner settings (TW-76796) | Medium | 2022.10 | CWE-538 | CVE-2022-44623 |
| TeamCity | Password parameters could be exposed in the build log if they contained special characters (TW-77048) | Medium | 2022.10 | CWE-532 | CVE-2022-44624 |
| TeamCity | No audit items were added upon editing a user's settings (TW-75537) | Low | 2022.10 | CWE-223 | CVE-2022-44646 |
| JetBrains Account | Throttling was missing on some pages. Reported by Manthan Mahale (JPF-13346) | Low | 2022.09 | CWE-770 | Not applicable |
| TeamCity | Environment variables of "password" type could be logged when using a custom Perforce executable. Reported by Pierre Hosteins and Yvan Serykh (TW-77474) | Medium | 2022.04.4 | CWE-532 | CVE-2022-40979 |
| JetBrains Website | Open redirect on jetbrains.com.cn. Reported by Koutrouss Naddara (JS-17099) | Medium | Not applicable | CWE-601 | Not applicable |
| IntelliJ IDEA | The installer was vulnerable to EXE search order hijacking. Reported by Dmitry Zemlyakov (IDEA-295424) | High | 2022.2.2 | CWE-427 | CVE-2022-40978 |
| JetBrains Website | The JetBrains blog was vulnerable to CSS injection (JS-16353) | Low | Not applicable | CWE-79 | Not applicable |
| Ktor | Ktor was vulnerable to the Reflected File Download attack. Reported by Motoyasu Saburi (KTOR-4669, Pull Request) | Medium | 2.1.0 | CWE-184 | CVE-2022-38179 |
| Ktor | The wrong authentication provider could be selected in some cases. Reported by Andrew Bryan (KTOR-4618, Pull Request) | Medium | 2.1.0 | CWE-287 | CVE-2022-38180 |
| TeamCity | The private SSH key could be written to the server log in some cases (TW-76758) | Low | 2022.04.3 | CWE-532 | CVE-2022-38133 |
| Rider | Trust and Open Project dialog bypass, leading to local code execution (RIDER-74325, RIDER-74328) | Medium | 2022.2 | CWE-94 | CVE-2022-37396 |
| IntelliJ IDEA | Local code execution was possible via a Vagrant executable (IDEA-288325) | Low | 2022.2 | CWE-94 | CVE-2022-37009 |
| IntelliJ IDEA | Missing email address validation in the "Git User Name Is Not Defined" dialog. Reported by Carolos Foscolos (IDEA-291960) | Low | 2022.2 | CWE-20 | CVE-2022-37010 |
| TeamCity | The private SSH key could be written to the build log in some cases (TW-76651) | Medium | 2022.04.2 | CWE-532 | CVE-2022-36321 |
| TeamCity | Build parameter injection was possible. Reported by Micky Sung (TW-76356) | Medium | 2022.04.2 | CWE-88 | CVE-2022-36322 |
| Hub | Insufficient access control allowed the hijacking of untrusted services in Hub. Reported by Yurii Sanin (HUB-10771) | Low | 2022.2.14799 | CWE-284 | CVE-2022-34894 |
| JetBrains Website | Potential XSS via the Origin header. Reported by Nidhin Sabu (JPF-13063) | Low | Not applicable | CWE-79 | Not applicable |
| Ktor | SHA1 implementation in Ktor Native was returning the same value (KTOR-4217, Pull Request) | High | 2.0.1 | CWE-342 | CVE-2022-29930 |
| TeamCity | Reflected XSS on the Build Chain Status page (TW-75231) | Medium | 2022.04 | CWE-79 | CVE-2022-29927 |
| TeamCity | Possible leak of secrets in TeamCity agent logs (TW-74263, TW-68807) | Medium | 2022.04 | CWE-532 | CVE-2022-29928 |
| TeamCity | Potential XSS via the Referer header (TW-75605) | Low | 2022.04 | CWE-79 | CVE-2022-29929 |
| Hub | Stored XSS via project icon. Reported by Julian Muñoz (HUB-11155) | Medium | 2022.1.14638 | CWE-79 | CVE-2022-29811 |
| IntelliJ IDEA | Insufficient notification about the use of Unicode directionality formatting characters (IDEA-284151) | Low | 2022.1 | CWE-176 | CVE-2022-29812 |
| IntelliJ IDEA | Local code execution via custom Pandoc path (IDEA-288269) | Medium | 2022.1 | CWE-94 | CVE-2022-29813 |
| IntelliJ IDEA | Local code execution via HTML descriptions in custom JSON schemas (IDEA-283967) | Medium | 2022.1 | CWE-94 | CVE-2022-29814 |
| IntelliJ IDEA | Local code execution via workspace settings (IDEA-283824, IDEA-283968) | Medium | 2022.1 | CWE-94 | CVE-2022-29815 |
| IntelliJ IDEA | HTML injection into IDE messages (IDEA-287428) | Low | 2022.1 | CWE-74 | CVE-2022-29816 |
| IntelliJ IDEA | Reflected XSS via error messages in the internal web server (IDEA-283994) | Low | 2022.1 | CWE-79 | CVE-2022-29817 |
| IntelliJ IDEA | Flawed origin checks in the internal web server (IDEA-283586) | Low | 2022.1 | CWE-346 | CVE-2022-29818 |
| IntelliJ IDEA | Local code execution via links in Quick Documentation (IDEA-289398) | Medium | 2022.1 | CWE-94 | CVE-2022-29819 |
| PyCharm | Exposure of the debugger port to the internal network (PY-52288) | Low | 2022.1 | CWE-1327 | CVE-2022-29820 |
| Rider | Local code execution via links in ReSharper Quick Documentation (RIDER-74099) | Medium | 2022.1 | CWE-94 | CVE-2022-29821 |
| TeamCity Cloud | Potential disclosure of built-in OAuth2 connectors' secrets. Reported by Yurii Sanin (TCC-346) | High | Not applicable | CWE-522 | Not applicable |
| TeamCity Cloud | Session takeover via OAuth client manipulation. Reported by Yurii Sanin (TCC-347, TCC-349, TCC-351) | High | Not applicable | CWE-345 | Not applicable |
| TeamCity Cloud | Session takeover using open redirect misconfiguration. Reported by Yurii Sanin (TCC-348) | High | Not applicable | CWE-601 | Not applicable |
| TeamCity Cloud | VCS credentials disclosure via repository URL manipulation. Reported by Yurii Sanin (TCC-355, TCC-358) | Medium | Not applicable | CWE-522 | Not applicable |
| Ktor | Random values used for nonce generation in Ktor Native weren't using SecureRandom implementations. Reported by Dan Wallach (KTOR-3656, Pull Request) | Low | 2.0.0 | CWE-330 | CVE-2022-29035 |
| JetBrains Account | It was possible to take over accounts linked to outlook.* email addresses via GitHub SSO. Reported by Adrian Weber (JPF-12877) | Critical | 2022.04 | CWE-697 | Not applicable |
| IntelliJ IDEA | It was possible to get passwords from protected fields (IDEA-289085) | High | 2021.3.3 | CWE-497 | CVE-2022-28651 |
| YouTrack | HTML code from the issue description was being rendered (JT-58282) | Medium | 2022.1.43563 | CWE-80 | CVE-2022-28648 |
| YouTrack | It was possible to include an iframe from a third-party domain in the issue description (JT-68626) | Medium | 2022.1.43563 | CWE-1021 | CVE-2022-28649 |
| YouTrack | It was possible to inject JavaScript into Markdown in the YouTrack Classic UI (JT-68622) | High | 2022.1.43700 | CWE-79 | CVE-2022-28650 |
| Hub | Blind Server-Side Request Forgery (SSRF). Reported by Yurii Sanin (HUB-11052) | Medium | 2021.1.14276 | CWE-918 | CVE-2022-25260 |
| Hub | Reflected XSS. Reported by Yurii Sanin (HUB-10971) | Medium | 2021.1.14276 | CWE-79 | CVE-2022-25259 |
| Hub | SAML request takeover. Reported by Yurii Sanin (HUB-10978) | High | 2022.1.14434 | CWE-345 | CVE-2022-25262 |
| JetBrains Blog | Reflected XSS via tag parameter (BLOG-55) | Medium | Not applicable | CWE-79 | Not applicable |
| JetBrains Marketplace | Stored XSS via plugin fields (MP-4190, MP-4191, MP-4192, MP-4196, MP-4201) | Medium | Not applicable | CWE-79 | Not applicable |
| Kotlin Website | Clickjacking at talkingkotlin.com (KTL-84) | Low | Not applicable | CWE-1021 | Not applicable |
| TeamCity | Reflected XSS (TW-74044) | Medium | 2021.2.2 | CWE-79 | CVE-2022-25261 |
| TeamCity | OS command injection in the Agent Push feature configuration. Reported by Cristian Chavez (TW-74822) | High | 2021.2.3 | CWE-78 | CVE-2022-25263 |
| TeamCity | Environment variables of "password" type could be logged in some cases (TW-74625) | Medium | 2021.2.3 | CWE-532 | CVE-2022-25264 |
| YouTrack | SSTI via FreeMarker templates. Reported by Matei "Mal" Badanoiu (JT-68075) | High | 2021.4.40426 | CWE-1336 | CVE-2022-24442 |
| Hub | JetBrains Account integration exposed API keys with excessive permissions. Reported by Yurii Sanin (HUB-10958) | High | 2021.1.13890 | CWE-732 | CVE-2022-24327 |
| Hub | An unprivileged user could perform a DoS. Reported by Yurii Sanin (HUB-10976) | High | 2021.1.13956 | CWE-74 | CVE-2022-24328 |
IntelliJ IDEACode could be executed without the user’s permission on opening a project (IDEA-243002, IDEA-277306, IDEA-282396, IDEA-275917)Medium2021.2.4CWE-345CVE-2022-24345
IntelliJ IDEAPotential LCE via RLO (Right-to-Left Override) characters (IDEA-284150)Medium2021.3.1CWE-176CVE-2022-24346
JetBrains BlogBlind SQL injection. Reported by Khan Janny (BLOG-45)MediumNot applicableCWE-89Sans objet
KotlinNo ability to lock dependencies for Kotlin Multiplatform Gradle projects. Reported by Carter Jernigan (KT-49449)Medium1.6.0CWE-667CVE-2022-24329
Kotlin WebsiteClickjacking at kotlinlang.org (KTL-588)MediumNot applicableCWE-1021Sans objet
Remote DevelopmentUnexpected open port on backend server. Reported by Damian Gwiżdż (GTW-894)High2021.3.1CWE-1327CVE-2021-45977
SpaceMissing permission check in an HTTP API response (SPACE-15991)HighNot applicableCWE-284Sans objet
TeamCityA redirect to an external site was possible (TW-71113)Low2021.2.1CWE-601CVE-2022-24330
TeamCityLogout failed to remove the "Remember Me" cookie (TW-72969)Low2021.2CWE-613CVE-2022-24332
TeamCityGitLab authentication impersonation. Reported by Christian Pedersen (TW-73375)High2021.1.4CWE-285CVE-2022-24331
TeamCityThe "Agent push" feature allowed any private key on the server to be selected (TW-73399)Low2021.2.1CWE-284CVE-2022-24334
TeamCityBlind SSRF via an XML-RPC call. Reported by Artem Godin (TW-73465)Medium2021.2CWE-918CVE-2022-24333
TeamCityTime-of-check/Time-of-use (TOCTOU) vulnerability in agent registration via XML-RPC. Reported by Artem Godin (TW-73468)High2021.2CWE-367CVE-2022-24335
TeamCityAn unauthenticated attacker could cancel running builds via an XML-RPC request to the TeamCity server. Reported by Artem Godin (TW-73469)Medium2021.2.1CWE-284CVE-2022-24336
TeamCityPull-requests' health items were shown to users without appropriate permissions (TW-73516)Low2021.2CWE-284CVE-2022-24337
TeamCityStored XSS. Reported by Yurii Sanin (TW-73737)Medium2021.2.1CWE-79CVE-2022-24339
TeamCityURL injection leading to CSRF. Reported by Yurii Sanin (TW-73859)Medium2021.2.1CWE-352CVE-2022-24342
TeamCityChanging a password failed to terminate sessions of the edited user (TW-73888)Low2021.2.1CWE-613CVE-2022-24341
TeamCityXXE during the parsing of a configuration file (TW-73932)Medium2021.2.1CWE-611CVE-2022-24340
TeamCityReflected XSS (TW-74043)Medium2021.2.1CWE-79CVE-2022-24338
YouTrackStored XSS on the Notification templates page (JT-65752)Low2021.4.31698CWE-79CVE-2022-24344
YouTrackA custom logo could be set with read-only permissions (JT-66214)Low2021.4.31698CWE-284CVE-2022-24343
YouTrackStored XSS via project icon. Reported by Yurii Sanin (JT-67176)Medium2021.4.36872CWE-79CVE-2022-24347
Datalore | Server version disclosure. Reported by Bharat (DL-9447) | Low | 2021.3 | CWE-209 | Not applicable
Hub | Information disclosure via avatars metadata (HUB-10154) | Low | 2021.1.13690 | CWE-200 | CVE-2021-43180
Hub | Potential DoS via user information. Reported by Bharat (HUB-10804) | Low | 2021.1.13415 | CWE-20 | CVE-2021-43182
Hub | Stored XSS. Reported by Dmitry Sherstoboev (HUB-10854) | Medium | 2021.1.13690 | CWE-79 | CVE-2021-43181
Hub | Authentication throttling mechanism could be bypassed. Reported by Bharat (HUB-10869) | Medium | 2021.1.13690 | CWE-180 | CVE-2021-43183
JetBrains Account | Authentication throttling mechanism could be bypassed. Reported by Bharat (JPF-11933) | Medium | 2021.07 | CWE-180 | Not applicable
Ktor | Improper nonce verification during OAuth2 authentication process. Reported by Ole Schilling Tjensvold (KTOR-3091) | Medium | 1.6.4 | CWE-303 | CVE-2021-43203
Space | Authentication throttling mechanism could be bypassed. Reported by Bharat (SPACE-15282) | Low | Not applicable | CWE-180 | Not applicable
Space | SSRF disclosing EC2 metadata (SPACE-15666) | High | Not applicable | CWE-918 | Not applicable
TeamCity | User enumeration was possible (TW-70167) | Low | 2021.1.2 | CWE-200 | CVE-2021-43194
TeamCity | RCE in agent push functionality. Reported by Eduardo Castellanos (TW-70384) | High | 2021.1.2 | CWE-78 | CVE-2021-43193
TeamCity | Information disclosure via Docker Registry connection dialog (TW-70459) | Medium | 2021.1 | CWE-200 | CVE-2021-43196
TeamCity | Some HTTP security headers were missing (TW-71376) | Low | 2021.1.2 | CWE-693 | CVE-2021-43195
TeamCity | Email notifications could include unescaped HTML (TW-71981) | Low | 2021.1.2 | CWE-116 | CVE-2021-43197
TeamCity | Insufficient permission checks in create patch functionality (TW-71982) | Low | 2021.1.2 | CWE-285 | CVE-2021-43199
TeamCity | Stored XSS (TW-72007) | Low | 2021.1.2 | CWE-79 | CVE-2021-43198
TeamCity | Insufficient permission checks in agent push functionality (TW-72177) | Low | 2021.1.2 | CWE-285 | CVE-2021-43200
TeamCity | X-Frame-Options header was missing in some cases (TW-72464) | Low | 2021.1.3 | CWE-693 | CVE-2021-43202
TeamCity | A newly created project could take settings from an already deleted project (TW-72521) | Medium | 2021.1.3 | CWE-459 | CVE-2021-43201
TeamCity Cloud | Session takeover using open redirect in OAuth integration. Reported by Yurii Sanin (TCC-277) | High | Not applicable | CWE-601 | Not applicable
YouTrack | Stored XSS (JT-63483) | Low | 2021.3.21051 | CWE-79 | CVE-2021-43184
YouTrack | Host header injection. Reported by Artem Ivanov (JT-65590) | Medium | 2021.3.23639 | CWE-601 | CVE-2021-43185
YouTrack | Stored XSS. Reported by Artem Ivanov (JT-65749) | High | 2021.3.24402 | CWE-79 | CVE-2021-43186
YouTrack InCloud | Unsafe EC2 configuration in YouTrack InCloud (JT-63693, JT-63695) | Low | Not applicable | CWE-16 | Not applicable
YouTrack Mobile | Client-side caching on iOS (YTM-12961) | Low | 2021.2 | CWE-524 | CVE-2021-43187
YouTrack Mobile | Incomplete access token protection on iOS (YTM-12962, YTM-12965, YTM-12966) | Low | 2021.2 | CWE-311 | CVE-2021-43188
YouTrack Mobile | Incomplete access token protection on Android (YTM-12964) | Low | 2021.2 | CWE-311 | CVE-2021-43189
YouTrack Mobile | Task hijacking on Android (YTM-12967) | Low | 2021.2 | CWE-287 | CVE-2021-43190
YouTrack Mobile | iOS URL scheme hijacking (YTM-12968) | Low | 2021.2 | CWE-287 | CVE-2021-43192
YouTrack Mobile | Missing security screen on Android & iOS (YTM-12969) | Low | 2021.2 | CWE-287 | CVE-2021-43191
Datalore | Potential JWT token takeover using redirect misconfiguration. Reported by Yurii Sanin (DL-9225, JPF-11801) | High | 0.2.2 | CWE-601 | Not applicable
Datalore | There was no way to drop all active sessions. Reported by Bharat (DL-9247) | High | 0.3.0 | CWE-613 | Not applicable
Hub | Potentially insufficient CSP for Widget deployment feature (JPS-10736) | Low | 2021.1.13262 | CWE-1021 | CVE-2021-37540
Hub | Account takeover was possible during password reset. Reported by Viet Nguyen Quoc (JPS-10767) | High | 2021.1.13402 | CWE-601 | CVE-2021-36209
Hub | HTML injection in the password reset email was possible. Reported by Bharat (JPS-10797) | Medium | 2021.1.13402 | CWE-79 | CVE-2021-37541
JetBrains Account | OTP could be used several times after successful validation (JPF-11119) | Low | 2021.04 | CWE-358 | Not applicable
JetBrains Account | Potential account takeover via OAuth integration. Reported by Bharat (JPF-11802) | High | 2021.06 | CWE-918 | Not applicable
JetBrains Website | Reflected XSS on jetbrains.com. Reported by Vasu Solanki (JS-14004) | Low | Not applicable | CWE-79 | Not applicable
RubyMine | Code execution without user confirmation was possible for untrusted projects (RUBY-27702) | Medium | 2021.1.1 | CWE-345 | CVE-2021-37543
Space | Deprecated organization-wide package repositories were publicly visible (SPACE-14151) | High | Not applicable | CWE-284 | Not applicable
TeamCity | Potential XSS (TW-61688) | High | 2020.2.3 | CWE-79 | CVE-2021-37542
TeamCity | Insecure deserialization (TW-70057, TW-70080) | High | 2020.2.4 | CWE-502 | CVE-2021-37544
TeamCity | Insufficient authentication checks for agent requests (TW-70166) | High | 2021.1.1 | CWE-287 | CVE-2021-37545
TeamCity | Insecure key generation for encrypted properties (TW-70201) | Low | 2021.1 | CWE-335 | CVE-2021-37546
TeamCity | Insufficient checks during file uploading (TW-70546) | Medium | 2020.2.4 | CWE-434 | CVE-2021-37547
TeamCity | Passwords could sometimes be stored in plain text in VCS (TW-71008) | Medium | 2021.1 | CWE-540 | CVE-2021-37548
YouTrack | Insufficient sandboxing in workflows (JT-63222, JT-63254) | Critical | 2021.1.11111 | CWE-648 | CVE-2021-37549
YouTrack | Time-unsafe comparisons were used (JT-63697) | Low | 2021.2.16363 | CWE-208 | CVE-2021-37550
YouTrack | System user passwords were hashed with SHA-256 (JT-63698) | Low | 2021.2.16363 | CWE-916 | CVE-2021-37551
YouTrack | Insecure PRNG was used (JT-63699) | Low | 2021.2.16363 | CWE-338 | CVE-2021-37553
YouTrack | Stored XSS (JT-64564) | Medium | 2021.2.17925 | CWE-79 | CVE-2021-37552
YouTrack | User could see boards without having the corresponding permissions (JT-64634) | Low | 2021.3.21051 | CWE-284 | CVE-2021-37554
YouTrack InCloud | Reflected XSS on konnector service in Firefox (JT-63702) | Low | Not applicable | CWE-79 | Not applicable
Code With Me | Client could execute code in read-only mode (CWM-1235) | Medium | Compatible IDEs, 2021.1 version | CWE-285 | CVE-2021-31899
Code With Me | Client could open browser on host (CWM-1769) | Low | Compatible IDEs, 2021.1 version | CWE-285 | CVE-2021-31900
Exception Analyzer | No throttling at Exception Analyzer login page. Reported by Ashhad Ali (EXA-760) | Low | Not applicable | CWE-799 | Not applicable
Hub | Two-factor authentication wasn't enabled properly for the "All Users" group (JPS-10694) | Low | 2021.1.13079 | CWE-304 | CVE-2021-31901
IntelliJ IDEA | XXE in License server functionality (IDEA-260143) | High | 2020.3.3 | CWE-611 | CVE-2021-30006
IntelliJ IDEA | Code execution without user confirmation was possible for untrusted projects (IDEA-260911, IDEA-260912, IDEA-260913, IDEA-261846, IDEA-261851, IDEA-262917, IDEA-263981, IDEA-264782) | Medium | 2020.3.3 | CWE-345 | CVE-2021-29263
IntelliJ IDEA | Possible DoS. Reported by Arun Malik (IDEA-261832) | Medium | 2021.1 | CWE-770 | CVE-2021-30504
JetBrains Academy | Potential takeover of a future account with a known email. Reported by Vansh Devgan (JBA-110) | Low | Not applicable | CWE-285 | Not applicable
JetBrains Account | Sensitive account URLs were shared with third parties. Reported by Vikram Naidu (JPF-11338) | High | 2021.02 | CWE-201 | Not applicable
JetBrains Website | Reflected XSS at blog.jetbrains.com. Reported by Peter Af Geijerstam and Jai Kumar (JS-14554, JS-14562) | Low | Not applicable | CWE-79 | Not applicable
PyCharm | Code execution without user confirmation was possible for untrusted projects. Reported by Tony Torralba (PY-41524) | Medium | 2020.3.4 | CWE-345 | CVE-2021-30005
Space | Insufficient CRLF sanitization in user input (SPACE-13955) | Low | Not applicable | CWE-93 | Not applicable
TeamCity | Potential XSS on the test history page (TW-67710) | Medium | 2020.2.2 | CWE-79 | CVE-2021-31904
TeamCity | TeamCity IntelliJ Plugin DoS. Reported by Jonathan Leitschuh (TW-69070) | Low | 2020.2.2 | CWE-770 | CVE-2021-26310
TeamCity | Local information disclosure via temporary file in TeamCity IntelliJ Plugin. Reported by Jonathan Leitschuh (TW-69420) | Low | 2020.2.2 | CWE-378 | CVE-2021-26309
TeamCity | Insufficient audit when an administrator uploads a file (TW-69511) | Low | 2020.2.2 | CWE-778 | CVE-2021-31906
TeamCity | Improper permission checks for changing TeamCity plugins (TW-69521) | Low | 2020.2.2 | CWE-732 | CVE-2021-31907
TeamCity | Potential XSS on the test page. Reported by Stephen Patches (TW-69737) | Low | 2020.2.2 | CWE-79 | CVE-2021-3315
TeamCity | Argument injection leading to RCE (TW-70054) | High | 2020.2.3 | CWE-78 | CVE-2021-31909
TeamCity | Stored XSS on several pages (TW-70078, TW-70348) | Medium | 2020.2.3 | CWE-79 | CVE-2021-31908
TeamCity | Information disclosure via SSRF (TW-70079) | High | 2020.2.3 | CWE-918 | CVE-2021-31910
TeamCity | Reflected XSS on several pages (TW-70093, TW-70094, TW-70095, TW-70096, TW-70137) | Medium | 2020.2.3 | CWE-79 | CVE-2021-31911
TeamCity | Potential account takeover during password reset (TW-70303) | Medium | 2020.2.3 | CWE-640 | CVE-2021-31912
TeamCity | Insufficient checks of the redirect_uri during GitHub SSO token exchange (TW-70358) | Low | 2020.2.3 | CWE-601 | CVE-2021-31913
TeamCity | Arbitrary code execution on TeamCity Server running on Windows. Reported by Chris Moore (TW-70512) | High | 2020.2.4 | CWE-829 | CVE-2021-31914
TeamCity | Command injection leading to RCE. Reported by Chris Moore (TW-70541) | High | 2020.2.4 | CWE-78 | CVE-2021-31915
TeamCity Cloud | Potential information disclosure via EC2 instance metadata (TCC-174, TCC-176) | Low | Not applicable | CWE-1230 | Not applicable
TeamCity Cloud | Temporary credentials disclosure via command injection. Reported by Chris Moore (TCC-196) | High | Not applicable | CWE-78 | Not applicable
UpSource | Application passwords were not revoked correctly. Reported by Thibaut Zonca (UP-10843) | High | 2020.1.1883 | CWE-459 | CVE-2021-30482
WebStorm | HTTP requests were used instead of HTTPS (WEB-49549) | Low | 2021.1 | CWE-295 | CVE-2021-31898
WebStorm | Code execution without user confirmation was possible for untrusted projects (WEB-49689, WEB-49902) | Low | 2021.1 | CWE-345 | CVE-2021-31897
YouTrack | Stored XSS via attached file. Reported by Mikhail Klyuchnikov (JT-62530) | Medium | 2020.6.6441 | CWE-79 | CVE-2021-27733
YouTrack | Pull request title was sanitized insufficiently (JT-62556) | Medium | 2021.1.9819 | CWE-79 | CVE-2021-31903
YouTrack | Improper access control during issue export (JT-62649) | High | 2020.6.6600 | CWE-284 | CVE-2021-31902
YouTrack | Information disclosure in issue preview (JT-62919) | High | 2020.6.8801 | CWE-200 | CVE-2021-31905
Code With Me | An attacker in the local network knowing the session id could get access to the encrypted traffic. Reported by Grigorii Liullin (CWM-1067) | Low | 2020.3 | Not applicable | CVE-2021-25755
Datalore | Server component versions were disclosed (DL-8327, DL-8335) | Low | 0.0.1 | CWE-200 | Not applicable
Exception Analyzer | Information disclosure via Exception Analyzer (SDP-1248) | Low | Not applicable | CWE-200 | Not applicable
Hub | Open redirect was possible. Reported by Mohammed Amine El Attar (JPS-10348) | Medium | 2020.1.12629 | Not applicable | CVE-2021-25757
Hub | Authorized user could delete 2FA settings of any other user (JPS-10410) | Medium | 2020.1.12629 | Not applicable | CVE-2021-25759
Hub | Information disclosure via public API (JPS-10481) | Low | 2020.1.12669 | Not applicable | CVE-2021-25760
IntelliJ IDEA | HTTP links were used for several remote repositories (IDEA-228726) | Low | 2020.2 | Not applicable | CVE-2021-25756
IntelliJ IDEA | Potentially insecure deserialization of the workspace model (IDEA-253582) | Low | 2020.3 | Not applicable | CVE-2021-25758
JetBrains Account | Authorization token was sent as a query parameter within Zendesk integration (JPF-10508) | Low | 2020.11 | CWE-598 | Not applicable
JetBrains Account | Open redirect was possible (JPF-10660) | Low | 2020.10 | CWE-601 | Not applicable
JetBrains Website | Cross-origin resource sharing was possible. Reported by Ashhad Ali (SDP-1193) | Low | Not applicable | CWE-942 | Not applicable
JetBrains Website | Throttling was not used for a particular endpoint. Reported by Ashhad Ali (SDP-1197) | Low | Not applicable | CWE-799 | Not applicable
JetBrains Website | Clickjacking was possible. Reported by Ashhad Ali (SDP-1203) | Low | Not applicable | CWE-1021 | Not applicable
Kotlin | Vulnerable Java API was used for temporary file and folder creation, which could make temporary files available to other users of a system. Reported by Jonathan Leitschuh (KT-42181) | Low | 1.4.21 | Not applicable | CVE-2020-29582
Ktor | Birthday attack on SessionStorage key was possible. Reported by Kenta Koyama (KTOR-878) | Low | 1.5.0 | Not applicable | CVE-2021-25761
Ktor | Weak cipher suites were enabled by default. Reported by Johannes Ulfkjær Jensen (KTOR-895) | Low | 1.4.2 | Not applicable | CVE-2021-25763
Ktor | HTTP request smuggling was possible. Reported by ZeddYu Lu, Kaiwen Shen, Yaru Yang (KTOR-1116) | Low | 1.4.3 | Not applicable | CVE-2021-25762
PhpStorm | Source code could be added to debug logs (WI-54619) | Low | 2020.3 | Not applicable | CVE-2021-25764
Space | Potential information disclosure via logs (SPACE-9343, SPACE-10969) | Low | Not applicable | CWE-532 | Not applicable
Space | An attacker could obtain limited information via SSRF in repository mirroring test connection (SPACE-9514) | High | Not applicable | CWE-918 | Not applicable
Space | Content-Type header wasn't set for some pages (SPACE-12004) | Low | Not applicable | CWE-531 | Not applicable
Space | REST API endpoint was available without an appropriate permission check, which could introduce a potential DoS vector (no real exploit available) (SPACE-12288) | Low | Not applicable | CWE-732 | Not applicable
TeamCity | Reflected XSS on several pages (TW-67424, TW-68098) | Medium | 2020.2 | Not applicable | CVE-2021-25773
TeamCity | TeamCity server DoS was possible via server integration (TW-68406, TW-68780) | Low | 2020.2.2 | Not applicable | CVE-2021-25772
TeamCity | ECR token exposure in the build's parameters (TW-68515) | Medium | 2020.2 | Not applicable | CVE-2021-25776
TeamCity | User could get access to the GitHub access token of another user (TW-68646) | Low | 2020.2.1 | Not applicable | CVE-2021-25774
TeamCity | Server admin could create and see access tokens for any other user (TW-68862) | Low | 2020.2.1 | Not applicable | CVE-2021-25775
TeamCity | Improper permission checks during user deletion (TW-68864) | Low | 2020.2.1 | Not applicable | CVE-2021-25778
TeamCity | Improper permission checks during token removal (TW-68871) | Low | 2020.2.1 | Not applicable | CVE-2021-25777
TeamCity | TeamCity Plugin SSRF vulnerability that could potentially expose user credentials. Reported by Jonathan Leitschuh (TW-69068) | High | 2020.2.85695 | Not applicable | CVE-2020-35667
YouTrack | CSRF via attachment upload. Reported by Yurii Sanin (JT-58157) | Medium | 2020.4.4701 | Not applicable | CVE-2021-25765
YouTrack | User enumeration via REST API without appropriate permissions (JT-59396, JT-59498) | Low | 2020.4.4701 | Not applicable | CVE-2020-25208
YouTrack | Improper resource access checks (JT-59397) | Low | 2020.4.4701 | Not applicable | CVE-2021-25766
YouTrack | Issue existence disclosure via YouTrack command execution (JT-59663) | Low | 2020.6.1767 | Not applicable | CVE-2021-25767
YouTrack | Improper permission checks for attachment actions (JT-59900) | Low | 2020.4.4701 | Not applicable | CVE-2021-25768
YouTrack | YouTrack admin wasn't able to access attachments (JT-60824) | Low | 2020.4.6808 | Not applicable | CVE-2021-25769
YouTrack | Server-side template injection in YouTrack Cloud. Reported by Vasily Vasilkov (JT-61449) | High | 2020.5.3123 | Not applicable | CVE-2021-25770
YouTrack | Project information disclosure (JT-61566) | Low | 2020.6.1099 | Not applicable | CVE-2021-25771
IdeaVim | In limited circumstances, IdeaVim might have caused an information leak (VIM-2019) | High | 0.58 | Not applicable | CVE-2020-27623
IntelliJ IDEA | Built-in web server could expose information about the IDE version (IDEA-240567) | Low | 2020.2 | Not applicable | CVE-2020-27622
JetBrains Account | Improper rate limit. Reported by Ashhad Ali (JPF-11026) | Low | 2020.09 | CWE-799 | Not applicable
JetBrains Account | Password reset token might be disclosed to a third party. Reported by Sheikh Rishad (JPF-11034) | Low | 2020.10 | CWE-201 | Not applicable
JetBrains Marketplace | Blind SSRF. Reported by Yurii Sanin (MP-3119) | High | Not applicable | CWE-918 | Not applicable
JetBrains Website | Reflected XSS. Reported by Peter af Geijerstam (JS-13032) | Medium | Not applicable | CWE-79 | Not applicable
JetBrains Website | HTML injection was possible on several pages (JS-13041) | Medium | Not applicable | CWE-79 | Not applicable
JetBrains Website | Clickjacking was possible on several pages (JS-13042) | Low | Not applicable | CWE-1021 | Not applicable
JetBrains Website | SSRF on the website. Reported by Mohamed Lahraoui (SDP-1174) | Low | Not applicable | CWE-918 | Not applicable
Ktor | HTTP request smuggling was possible. Reported by ZeddYu Lu and Kaiwen Shen (KTOR-841) | Medium | 1.4.1 | Not applicable | CVE-2020-26129
Space | Unauthorized access to environment variables containing private data (SPACE-10723) | Medium | Not applicable | CWE-532 | Not applicable
TeamCity | URL injection was possible (TW-44171) | Low | 2020.1.2 | Not applicable | CVE-2020-27627
TeamCity | Guest user had access to audit records (TW-67750) | Medium | 2020.1.5 | Not applicable | CVE-2020-27628
TeamCity | Secure dependency parameters could be left unmasked in dependent builds when there are no internal artifacts (TW-67775) | High | 2020.1.5 | Not applicable | CVE-2020-27629
Toolbox App | Limited RCE via jetbrains protocol handler. Reported by Jeffrey van Gogh and Yuriy Solodkyy (SDP-1177) | Low | 1.18 | Not applicable | CVE-2020-25207
Toolbox App | Denial of service via jetbrains protocol handler (TBX-5281) | Low | 1.18.7455 | Not applicable | CVE-2020-25013
YouTrack | Blind SSRF. Reported by Yurii Sanin (JT-58015) | Low | 2020.3.888 | Not applicable | CVE-2020-27624
YouTrack | Notifications might have mentioned inaccessible issues (JT-58329) | Low | 2020.3.888 | Not applicable | CVE-2020-27625
YouTrack | SSRF in YouTrack InCloud. Reported by Yurii Sanin (JT-58962) | Medium | 2020.3.5333 | Not applicable | CVE-2020-27626
YouTrack | Improper access control allowed retrieving an issue description without appropriate access. Reported by Yurii Sanin (JT-59015) | Critical | 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.3.65516, 2019.2.65515, 2019.1.65514 | Not applicable | CVE-2020-24618
YouTrack | Improper access control for some subresources led to information disclosure. Reported by Yurii Sanin (JT-59130) | Medium | 2020.3.6638 | Not applicable | CVE-2020-25209
YouTrack | An attacker could access workflow rules without appropriate access grants (JT-59474) | High | 2020.3.7955 | Not applicable | CVE-2020-25210
YouTrack Mobile | Information disclosure via application backups. Reported by Cristi Vlad (YTM-5518) | Low | 2020.2.0 | Not applicable | CVE-2020-24366
Datalore | Stack trace disclosure (DL-7350) | Low | 0.0.1 | CWE-536 | Not applicable
Datalore | Reverse tabnabbing was possible (DL-7708) | Low | 0.0.1 | CWE-1022 | Not applicable
JetBrains Account | Missing throttling for reset password functionality when 2FA is enabled. Reported by Manu Pranav (JPF-10527) | Medium | 2020.06 | CWE-799 | Not applicable
JetBrains Website | Stack trace disclosure in case of an incorrect character in the request (JS-12490) | Low | Not applicable | CWE-536 | Not applicable
JetBrains Website | Reflected XSS on a jetbrains.com subdomain. Reported by Ritik Chaddha (JS-12562) | Low | Not applicable | CWE-79 | Not applicable
JetBrains Website | Open redirect issues on kotlinconf.com. Reported by Ritik Chaddha (JS-12581) | Low | Not applicable | CWE-601 | Not applicable
JetBrains Website | Clickjacking was possible on a non-existent page. Reported by Pravas Ranjan Kanungo (JS-12835) | Low | Not applicable | CWE-1021 | Not applicable
Kotlin | Script cache privilege escalation vulnerability. Reported by Henrik Tunedal (KT-38222) | Medium | 1.4.0 | Not applicable | CVE-2020-15824
Space | Draft title was disclosed to a user without access to the draft (SPACE-5594) | Low | Not applicable | CWE-200 | Not applicable
Space | Missing authorisation check caused privilege escalation. Reported by Callum Carney (SPACE-8034) | High | Not applicable | CWE-266 | Not applicable
Space | Blind SSRF via calendar import. Reported by Yurii Sanin (SPACE-8273) | Medium | Not applicable | CWE-918 | Not applicable
Space | Drafts of direct messages sent from the iOS app could be sent to the channel (SPACE-8377) | Low | Not applicable | CWE-200 | Not applicable
Space | Chat messages were propagated to the browser console (SPACE-8386) | High | Not applicable | CWE-215 | Not applicable
Space | Missing authentication checks in Space Automation (SPACE-8431) | Critical | Not applicable | CWE-306 | Not applicable
Space | Missing authentication checks in Job-related API (SPACE-8822) | Low | Not applicable | CWE-306 | Not applicable
Space | Incorrect checks of public key content (SPACE-9169) | Medium | Not applicable | CWE-287 | Not applicable
Space | Stored XSS via repository resource (SPACE-9277) | High | Not applicable | CWE-79 | Not applicable
TeamCity | Users were able to assign more permissions than they had (TW-36158) | Low | 2020.1 | Not applicable | CVE-2020-15826
TeamCity | Users with "Modify group" permission could elevate other users' privileges (TW-58858) | Medium | 2020.1 | Not applicable | CVE-2020-15825
TeamCity | Password parameters could be disclosed via build logs (TW-64484) | Low | 2019.2.3 | Not applicable | CVE-2020-15829
TeamCity | Project parameter values could be retrieved by a user without appropriate permissions (TW-64587) | High | 2020.1.1 | Not applicable | CVE-2020-15828
TeamCity | Reflected XSS on administration UI (TW-64668) | High | 2019.2.3 | Not applicable | CVE-2020-15831
TeamCity | Stored XSS on administration UI (TW-64699) | High | 2019.2.3 | Not applicable | CVE-2020-15830
Toolbox App | Missing signature on "jetbrains-toolbox.exe" (TBX-4671) | Low | 1.17.6856 | Not applicable | CVE-2020-15827
UpSource | Unauthorised access was possible through an error in account linking (SDP-940) | Low | 2020.1 | Not applicable | CVE-2019-19704
YouTrack | Subtasks workflow could disclose issue existence (JT-45316) | Low | 2020.2.8527 | Not applicable | CVE-2020-15818
YouTrack | An external user could execute commands against arbitrary issues (JT-56848) | High | 2020.1.1331 | Not applicable | CVE-2020-15817
YouTrack | SSRF vulnerability that allowed scanning internal ports. Reported by Evren Yalçın (JT-56917) | Low | 2020.2.10643 | Not applicable | CVE-2020-15819
YouTrack | Markdown parser could disclose hidden file existence (JT-57235) | Low | 2020.2.6881 | Not applicable | CVE-2020-15820
YouTrack | A user without permission was able to create article drafts (JT-57649) | Medium | 2020.2.6881 | Not applicable | CVE-2020-15821
YouTrack | AWS metadata of a YouTrack InCloud instance could be disclosed via SSRF in Workflow. Reported by Yurii Sanin (JT-57964) | High | 2020.2.8873 | Not applicable | CVE-2020-15823
YouTrack | SSRF was possible because URL filtering could be bypassed. Reported by Yurii Sanin (JT-58204) | Low | 2020.2.10514 | Not applicable | CVE-2020-15822
YouTrack InCloud | Possibility to change the redirect from any existing YouTrack InCloud instance to another instance (JT-57036) | Medium | 2020.1.3588 | CWE-601 | Not applicable
Datalore | User's SSH key could be deleted without appropriate permissions. Reported by Callum Carney (DL-7833) | Medium | 0.0.1 | CWE-639 | Not applicable
Datalore | SSRF could be caused by an attached file. Reported by Callum Carney (DL-7836) | High | 0.0.1 | CWE-918 | Not applicable
GoLand | Plain HTTP was used to access the plugin repository (GO-8694) | Low | 2019.3.2 | Not applicable | CVE-2020-11685
Hub | Content spoofing in the Hub OAuth error message was possible (JPS-10093) | Medium | 2020.1.12099 | Not applicable | CVE-2020-11691
IntelliJ IDEA | License server could be resolved to an untrusted host in some cases (IDEA-219748) | High | 2020.1 | Not applicable | CVE-2020-11690
JetBrains Account | Non-unique QR codes were generated during subsequent attempts to set up 2FA (JPF-10149) | Low | 2020.01 | CWE-342 | Not applicable
JetBrains Account | Clickjacking was possible on a JetBrains Account page. Reported by Raja Ahtisham (JPF-10154) | Medium | 2020.01 | CWE-1021 | Not applicable
JetBrains Account | Customer name enumeration by numeric customer ID was possible (JPF-10159, JPF-10301) | High | 2020.03 | CWE-200 | Not applicable
JetBrains Account | Country value coming from a user wasn't correctly validated (JPF-10258) | High | 2020.02 | CWE-285 | Not applicable
JetBrains Account | Information disclosure from JetBrains Account was possible via the "Back" button. Reported by Ratnadip Gajbhiye (JPF-10266) | Low | 2020.02 | CWE-200 | Not applicable
JetBrains Marketplace | Uploading a malicious file via the Screenshots form could cause XSS (MP-2637) | Medium | Not applicable | CWE-79 | Not applicable
JetBrains Website | Reflected XSS at jetbrains.com was possible. Reported by Rahad Chowdhury (JS-11769) | High | Not applicable | CWE-79 | Not applicable
PyCharm | Apple Notarization Service credentials were included in the PyCharm distribution for Windows. Reported by Ruby Nealon (IDEA-232217) | High | 2019.3.3, 2019.2.6 | Not applicable | CVE-2020-11694
Space | Session timeout period was configured improperly (SPACE-4717) | Low | Not applicable | Not applicable | CVE-2020-11795
Space | Stored XSS in Space chats was possible. Reported by Callum Carney (SPACE-6556) | Medium | Not applicable | Not applicable | CVE-2020-11416
Space | Password authentication implementation was insecure (SPACE-7282) | High | Not applicable | Not applicable | CVE-2020-11796
TeamCity | Password values were shown unmasked on several pages (TW-64186) | Low | 2019.2.2 | Not applicable | CVE-2020-11687
TeamCity | Project administrator was able to see scrambled password parameters used in a project (TW-58099) | Medium | 2019.2.2 | Not applicable | CVE-2020-11938
TeamCity | Project administrator was able to retrieve some TeamCity server settings (TW-61626) | Low | 2019.1.4 | Not applicable | CVE-2020-11686
TeamCity | Application state was kept alive after a user ended their session (TW-61824) | Low | 2019.2.1 | Not applicable | CVE-2020-11688
TeamCity | A user without appropriate permissions was able to import settings from settings.kts (TW-63698) | Low | 2019.2.1 | Not applicable | CVE-2020-11689
YouTrack | DB export was accessible to read-only administrators (JT-56001) | Low | 2020.1.659 | Not applicable | CVE-2020-11692
YouTrack | DoS could be performed by attaching a malformed TIFF to an issue. Reported by Chris Smith (JT-56407) | High | 2020.1.659 | Not applicable | CVE-2020-11693
IDETalk plugin | XXE in IDETalk plugin. Reported by Srikanth Ramu (IDEA-220136) | Medium | 193.4099.10 | Not applicable | CVE-2019-18412
IntelliJ IDEA | Some Maven repositories were accessed via HTTP instead of HTTPS (IDEA-216282) | High | 2019.3 | Not applicable | CVE-2020-7904
IntelliJ IDEA | Ports listened on by IntelliJ IDEA were exposed to the network (IDEA-219695) | Low | 2019.3 | Not applicable | CVE-2020-7905
IntelliJ IDEA | XSLT debugger plugin misconfiguration allowed arbitrary file read over the network. Reported by Anatoly Korniltsev (IDEA-216621) | Medium | 2019.3 | Not applicable | CVE-2020-7914
JetBrains Account | Profile names were exposed by email. Reported by Timon Birk (JPF-9219) | Low | 2019.11 | CWE-200 | Not applicable
JetBrains Account | Missing secure flag for cookie (JPF-9857) | Low | 2019.11 | CWE-614 | Not applicable
JetBrains Account | Insufficient authentication on contact view (JPF-10024) | High | 2019.11 | CWE-287 | Not applicable
JetBrains Account | Insufficient authentication on role update (JPF-10025) | High | 2019.11 | CWE-287 | Not applicable
JetBrains Account | XSS on the spending report page (JPF-10027) | Medium | 2019.12 | CWE-79 | Not applicable
JetBrains Account | Open redirect during re-acceptance of license agreements (JPF-10028) | Low | 2019.11 | CWE-601 | Not applicable
JetBrains Account | Information exposure during processing of license requests (JPF-10111) | High | 2019.12 | CWE-200 | Not applicable
JetBrains Marketplace | XSS on several pages (MP-2617, MP-2640, MP-2642) | Low | Not applicable | CWE-79 | Not applicable
JetBrains Marketplace | Improper access control during plugin upload (MP-2695) | Critical | Not applicable | CWE-284 | Not applicable
JetBrains Website | Cookie XSS at jetbrains.com (JS-10969) | High | Not applicable | CWE-79 | Not applicable
Ktor | The Ktor framework was vulnerable to HTTP response splitting. Reported by Jonathan Leitschuh | High | 1.2.6 | Not applicable | CVE-2019-19389
Ktor | The Ktor client resent authorization data to a redirect location. Reported by Jonathan Leitschuh | Low | 1.2.6 | Not applicable | CVE-2019-19703
Ktor | Request smuggling was possible when both chunked Transfer-Encoding and Content-Length were specified. Reported by Jonathan Leitschuh | Low | 1.3.0 | Not applicable | CVE-2020-5207
Rider | Unsigned binaries in Windows installer (RIDER-30393) | Medium | 2019.3 | Not applicable | CVE-2020-7906
Scala plugin | Artifact dependencies were resolved over unencrypted connections (SCL-15063) | High | 2019.2.1 | Not applicable | CVE-2020-7907
TeamCity | Reverse tabnabbing was possible on several pages (TW-61710, TW-61726, TW-61727) | Low | 2019.1.5 | Not applicable | CVE-2020-7908
TeamCity | Some server-stored passwords could be shown via web UI (TW-62674) | High | 2019.1.5 | Not applicable | CVE-2020-7909
TeamCity | Possible stored XSS attack by a user with a developer role (TW-63298) | Medium | 2019.2 | Not applicable | CVE-2020-7910
TeamCity | Stored XSS on user-level pages (TW-63160) | High | 2019.2 | Not applicable | CVE-2020-7911
YouTrack | CORS misconfiguration on youtrack.jetbrains.com (JT-53675) | Medium | Not applicable | CWE-346 | Not applicable
YouTrack | SMTP/Jabber settings could be accessed using backups (JT-54139) | Medium | 2019.2.59309 | Not applicable | CVE-2020-7912
YouTrack | XSS via image upload at youtrack-workflow-converter.jetbrains.com (JT-54589) | Low | Not applicable | CWE-80 | Not applicable
YouTrack | XSS via issue description (JT-54719) | High | 2019.2.59309 | Not applicable | CVE-2020-7913
Hub | Username enumeration was possible through password recovery (JPS-9655, JPS-9938) | Low | 2019.1.11738 | Not applicable | CVE-2019-18360
IntelliJ IDEA | Local user privilege escalation potentially allowed arbitrary code execution (IDEA-216623) | Low | 2019.2 | Not applicable | CVE-2019-18361
JetBrains Account | Account removal without re-authentication was possible. Reported by Siamul Islam (JPF-9611) | Medium | 2019.9 | CWE-306 | Not applicable
JetBrains Account | Password reset link was not invalidated during password change through profile. Reported by Elliot V. Daniel (JPF-9610) | Medium | 2019.8 | CWE-613 | Not applicable
MPS | Ports listened on by MPS were exposed to the network (MPS-30661) | Low | 2019.2.2 | Not applicable | CVE-2019-18362
TeamCity | Access could be gained to the build history of a deleted build configuration under some circumstances (TW-60957) | Medium | 2019.1.2 | Not applicable | CVE-2019-18363
TeamCity | Insecure Java deserialization could potentially allow RCE. Reported by Aleksei "GreenDog" Tiurin (TW-61928) | Medium | 2019.1.4 | Not applicable | CVE-2019-18364
TeamCity | Reverse tabnabbing was possible on several pages (TW-61323, TW-61725, TW-61726, TW-61646, TW-62123) | Low | 2019.1.4 | Not applicable | CVE-2019-18365
TeamCity | Secure values could be exposed to users with the 'View build runtime parameters and data' permission | Low | 2019.1.2 | Not applicable | CVE-2019-18366
TeamCity | A non-destructive operation could be performed by a user without the corresponding permissions (TW-61107) | Low | 2019.1.2 | Not applicable | CVE-2019-18367
Toolbox App | Privilege escalation was possible in the JetBrains Toolbox App for Windows (TBX-3759) | Low | 1.15.5666 | Not applicable | CVE-2019-18368
YouTrack | Removing tags from the issues list without the corresponding permission was possible (JT-53465) | Low | 2019.2.55152 | Not applicable | CVE-2019-18369
YouTrack InCloud | Sending arbitrary spam email from a YouTrack instance was possible (JT-54136, ADM-13823, ADM-34971) | Low | Not applicable | CWE-285 | Not applicable
Exception Analyzer | Insecure transfer of JetBrains Account credentials (EXA-652) | Critical | Not applicable | CWE-598 | Not applicable
Hub | No way to set a password to expire automatically (JPS-8816) | Low | 2018.4.11436 | Not applicable | CVE-2019-14955
IdeaVim | Project data appeared in user-level settings (VIM-1184) | Medium | 0.52 | Not applicable | CVE-2019-14957
IntelliJ IDEAResolving artifacts using an http connection, potentially allowing an MITM attack. IDEA-211231High2019.2Sans objetCVE-2019-14954
JetBrains AccountAuthorized account enumeration. JPF-9370Low2019.5CWE-204Sans objet
JetBrains AccountCross-origin resource sharing misconfiguration (Reported by Vishnu Vardhan). JPF-9095Low2019.5CWE-942Sans objet
JetBrains AccountNo rate limitation on the account details page. JPF-9704Medium2019.8CWE-770Sans objet
JetBrains AccountNo rate limitation on the licenses page. JPF-9713High2019.9CWE-770Sans objet
JetBrains AccountUnauthorized disclosure of license email on the licenses page. JPF-9692Critical2019.8CWE-284Sans objet
JetBrains WebsiteReflected XSS. JS-9853MediumNot applicableCWE-79Sans objet
KtorCommand injection through LDAP username.Medium1.2.0-rc, 1.2.0Sans objetCVE-2019-12736
KtorPredictable Salt for user credentials.Medium1.2.0-rc2, 1.2.0Sans objetCVE-2019-12737
PyCharmRemote call causing an “out of memory” error was possible. PY-35251Low2019.2Sans objetCVE-2019-14958
ReSharperDLL hijacking vulnerability. RSRP-473674High2019.2Sans objetCVE-2019-16407
RiderUnsigned DLL was used in a distributive. RIDER-27708Medium2019.1.2Sans objetCVE-2019-14960
TeamCityPreviously used unencrypted passwords were suggested by a web browser’s auto-completion. TW-59759Low2019.1CWE-200Sans objet
TeamCityVMWare plugin did not check SSL certificate. TW-59562Medium2019.1Sans objetCVE-2019-15042
TeamCityRemote Code Execution on the server with certain network configurations. TW-60430Medium2019.1Sans objetCVE-2019-15039
TeamCityProject administrator could get unauthorized access to server-level data. TW-60220High2019.1Sans objetCVE-2019-15035
TeamCityProject administrator could execute any command on the server machine. TW-60219High2019.1Sans objetCVE-2019-15036
TeamCitySecurity has been tightened thanks to using additional HTTP headers. TW-59034High2019.1Sans objetCVE-2019-15038
TeamCityPossible XSS vulnerabilities on the settings pages. TW-59870, TW-59852, TW-59817, TW-59838, TW-59816High2019.1Sans objetCVE-2019-15037
TeamCityXSS vulnerability. TW-61242, TW-61315High2019.1.2Sans objetCVE-2019-15848
Toolbox AppUnencrypted connection to external resources, potentially allowed an MITM attack. TBX-3327, ADM-30275Low1.15.5605CWE-311CVE-2019-14959
UpSourceInsufficient escaping of code blocks. UP-10387Medium2019.1.1412Sans objetCVE-2019-14961
UpSourceCredentials exposure via RPC command. UP-10344Critical2018.2.1290Sans objetCVE-2019-12156
UpSourceCredentials exposure via RPC command. UP-10343Critical2018.2.1293Sans objetCVE-2019-12157
YouTrackA user could get a list of project names under certain conditions. JT-53162Low2019.2.53938Sans objetCVE-2019-14956
YouTrackStored XSS via issue attachments. JT-51077High2019.2.53938Sans objetCVE-2019-14953
YouTrackStored XSS on the issue page. JT-54121High2019.2.56594Sans objetCVE-2019-16171
YouTrackStored XSS in the issues list. JT-52894High2019.1.52584Sans objetCVE-2019-14952
YouTrackA compromised URL was automatically whitelisted by YouTrack. JT-47653Low2019.1.52545Sans objetCVE-2019-15041
YouTrackCross-Site Request Forgery. JT-30098Low2019.1Sans objetCVE-2019-15040
CLionThe suggested WSL configuration exposed a local SSH server to the internal network. CPP-15063MediumNot applicableCWE-276Sans objet
HubA user password could appear in the audit events for certain server settings. JPS-7895High2018.4.11298Sans objetCVE-2019-12847
IntelliJ IDEAThe default configuration for Spring Boot apps was not secure. IDEA-204439High2018.3.4, 2019.1Sans objetCVE-2019-9186
IntelliJ IDEAThe application server configuration allowed cleartext storage of secrets. IDEA-201519, IDEA-202483, IDEA-203271High2018.1.8, 2018.2.8, 2018.3.5, 2019.1Sans objetCVE-2019-9872
IntelliJ IDEAThe implementation of storage in the KeePass database was not secure. IDEA-200066Low2018.3, 2019.1CWE-922Sans objet
IntelliJ IDEAA certain application server configuration allowed cleartext storage of secrets. IDEA-199911Low2018.3CWE-317Sans objet
IntelliJ IDEAA certain application server configuration allowed cleartext storage of secrets. IDEA-203613Medium2018.1.8, 2018.2.8, 2018.3.5Sans objetCVE-2019-9823
IntelliJ IDEAA certain remote server configurations allowed cleartext storage of secrets. IDEA-203272, IDEA-203260, IDEA-206556, IDEA-206557High2019.1Sans objetCVE-2019-9873
IntelliJ IDEAThe run configuration of certain application servers allowed remote code execution while running the server with the default settings. IDEA-204570High2017.3.7, 2018.1.8, 2018.2.8, 2018.3.4Sans objetCVE-2019-10104
JetBrains AccountAn open redirect vulnerability via the backUrl parameter was detected. JPF-8899MediumNot applicableCWE-601Sans objet
JetBrains AccountThe host header injection vulnerability was detected at account.jetbrains.com. ADM-20535MediumNot applicableCWE-444Sans objet
JetBrains MarketplaceSome HTTP Security Headers were missing. MP-2004MediumNot applicableCWE-693Sans objet
JetBrains MarketplaceA reflected XSS was detected. MP-2001MediumNot applicableCWE-79Sans objet
JetBrains MarketplaceA CSRF vulnerability was detected. MP-2002MediumNot applicableCWE-352Sans objet
JetBrains WebsiteA reflected XSS was detected. JT-51074LowNot applicableCWE-79Sans objet
KotlinThe JetBrains Kotlin project was resolving artifacts using anhttp connection during the build process, potentially allowing an MITM attack.Medium1.3.30Sans objetCVE-2019-10101
Kotlin plugin for IntelliJIntelliJ IDEA projects created using the KotlinIDE template were resolving artifacts using an http connection, potentially allowing an MITM attack.Medium1.3.30Sans objetCVE-2019-10102
PyCharmA certain remote server configuration allowed cleartext storage of secrets. PY-32885Medium2018.3.2CWE-209Sans objet
TeamCityA possible stored JavaScript injection was detected. TW-59419Medium2018.2.3Sans objetCVE-2019-12844
TeamCityThe generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. TW-59379Medium2018.2.3Sans objetCVE-2019-12845
TeamCityA possible stored JavaScript injection requiring a deliberate server administrator action was detected. TW-55640Medium2018.2.3Sans objetCVE-2019-12843
TeamCityIncorrect handling of user input in ZIP extraction. TW-57143Medium2018.2.2Sans objetCVE-2019-12841
TeamCityA reflected XSS on a user page was detected. TW-58661Medium2018.2.2Sans objetCVE-2019-12842
TeamCityA user without the required permissions could gain access to some settings. TW-58571Medium2018.2.2Sans objetCVE-2019-12846
YouTrackAn SSRF attack was possible on a YouTrack server. JT-51121High2018.4.49168Sans objetCVE-2019-12852
YouTrackAn Insecure Direct Object Reference was possible. JT-51103Low2018.4.49168Sans objetCVE-2019-12866
YouTrackCertain actions could cause privilege escalation for issue attachments. JT-51080Medium2018.4.49168Sans objetCVE-2019-12867
YouTrackA query injection was possible. JT-51105Low2018.4.49168Sans objetCVE-2019-12850
YouTrackA CSRF vulnerability was detected in one of admin endpoints. JT-51110Medium2018.4.49852Sans objetCVE-2019-12851
YouTrackThe YouTrack Confluence plugin allowed the SSTI vulnerability. JT-51594Medium1.8.1.3Sans objetCVE-2019-10100
YouTrack InCloudAn unauthorized disclosure of license details to an attacker #2 was possible. JT-51117LowNot applicableCWE-284Sans objet
HubAdmin account takeover of a system authorized with Hub was possible. JPS-9594Critical2018.3.11035Sans objetSans objet
HubXXE was possible. JPS-9616, UP-10218High2018.4.11067Sans objetSans objet
JetBrains AccountDisclosure of email address within unsuccessful login attempt. JPF-8663High4.11Sans objetSans objet
TeamCityReflected XSS on user-level pages. TW-58065, TW-58234High2018.2Sans objetSans objet
TeamCityStored XSS on the build details page. TW-58129, TW-58138High2018.2Sans objetSans objet
TeamCityExposure of sensitive parameter value to a privileged user was possible. TW-56946Medium2018.1.3Sans objetSans objet
UpSourceA privileged user had access to user credentials in rare case. UP-10092Medium2018.2.1141Sans objetSans objet
YouTrackUnauthorized access to project and user details with guest user banned was possible. JT-50970, JT-49827, JT-50611, JT-50203High2018.3.47010Sans objetSans objet
YouTrackStored XSS on YouTrack issue page. JT-50201Low2018.3.47965Sans objetSans objet
YouTrack InCloudUnauthorized disclosure of YouTrack InCloud subscription information was possible. JPF-8714, JT-51001High2018.4.48293Sans objetSans objet
YouTrack InCloudUnauthorized access to the email address of YouTrack InCloud was possible. JT-50946High2018.4.48293Sans objetSans objet
dotPeekRemote Code Execution was possible while operating specific files. DOTP-7635High2018.1.4Sans objetSans objet
HubHub stored license information in log files. JPS-9187Low2018.2.10527Sans objetSans objet
IntelliJ IDEAInsecure connection used to access JetBrains resources. IDEA-187601, IDEA-192440Medium2018.1.5Sans objetSans objet
IntelliJ IDEAIncorrect handling of user input in ZIP extraction. IDEA-191679, IDEA-191680, IDEA-193358High2018.2Sans objetSans objet
JetBrains AccountA few customer profiles were made available without authorization. JPF-8211MediumNot applicableSans objetSans objet
JetBrains AccountIt was possible to obtain customer business email from order reference. JPF-7903MediumNot applicableSans objetSans objet
JetBrains MarketplaceXXE vulnerability. MP-1708LowNot applicableSans objetSans objet
JetBrains MarketplaceIncorrect handling of user input in ZIP extraction. MP-1678MediumNot applicableSans objetSans objet
ReSharperIncorrect handling of user input in ZIP extraction. RSRP-470115High2018.1.3Sans objetSans objet
TeamCityCSRF vulnerability. TW-55992Medium2018.1.1Sans objetSans objet
TeamCityChange of project settings can corrupt settings of other projects. TW-55704Low2018.1.1Sans objetSans objet
TeamCityPossible privilege escalation while viewing agent details. TW-56025Medium2018.1.1Sans objetSans objet
TeamCityPossible unvalidated redirect. TW-56085Medium2018.1.2Sans objetSans objet
TeamCityReflected XSS vulnerabilities. TW-56490, TW-56375, TW-56374Medium2018.1.2Sans objetSans objet
TeamCityStored XSS vulnerabilities. TW-56830, TW-56719Medium2018.1.3Sans objetSans objet
TeamCityStored XSS vulnerabilities. TW-55214, TW-56126, TW-56127, TW-56452, TW-56571Medium2018.1.2Sans objetSans objet
YouTrackReflected XSS vulnerability. JT-48606Medium2018.2.45073Sans objetSans objet
YouTrackPossible privilege escalation via deprecated REST API. JT-48605Low2018.2.45073Sans objetSans objet
YouTrackPossible tabnabbing via issue content. JT-47993Low2018.2.44329Sans objetSans objet
HubClickJacking vulnerability. JPS-7209Low2017.4.8040Sans objetSans objet
HubClickJacking vulnerability. JPS-8009Low2018.2.9541Sans objetSans objet
IntelliJ IDEAROBOT attack vulnerability in certain subsystems. IDEA-183912Low2018.1.3Sans objetSans objet
Scala pluginPossible unauthenticated access to local compile server. SCL-13584Medium2018.2Sans objetSans objet
TeamCityPossible privilege escalation to server administrator. TW-55209High2018.1Sans objetSans objet
TeamCityCSRF attack vulnerability. TW-55210High2018.1Sans objetSans objet
TeamCityPossible privilege escalation from project administrator to server administrator. TW-55211, TW-55684High2018.1Sans objetSans objet
TeamCityPossible unauthorized removal of installation data by project administrator. TW-54876High2018.1Sans objetSans objet
TeamCityNetwork access to an agent allowed potential unauthorized control over the agent. TW-49335Medium2018.1Sans objetSans objet
TeamCityIn a very specific scenario, an attacker could steal web responses meant for other users. TW-54486Medium2018.1Sans objetSans objet
TeamCityStored XSS vulnerabilities on various pages. TW-27206, TW-54129, TW-55453, TW-55215, TW-55217, TW-55353Medium2018.1Sans objetSans objet
TeamCityProject viewer could delete non-critical project settings. TW-55261Medium2018.1Sans objetSans objet
TeamCityNetwork access to a server allowed potential read access to project settings. TW-54870Medium2018.1Sans objetSans objet
TeamCityProject viewer could affect details of some running builds. TW-54975Medium2018.1Sans objetSans objet
TeamCityReflected XSS vulnerabilities on various pages. TW-55212, TW-55213Medium2018.1Sans objetSans objet
TeamCityUser self-registration might have been enabled by default on new server installation. TW-54741Medium2017.2.4, 2018.1Sans objetSans objet
TeamCityPossible vulnerability to ClickJacking attack from TeamCity UI. TW-33819Medium2017.2.4, 2018.1Sans objetSans objet
TeamCityProject viewer could bypass the "View build runtime parameters and data" permission. TW-55502Low2018.1Sans objetSans objet
TeamCityNetwork access to a server exposed a vulnerability to DoS attacks. TW-11984Low2018.1Sans objetSans objet
TeamCityPotential to pass authorization cookies without secure flags. TW-55141Low2018.1Sans objetSans objet
UpSourceVulnerability to ClickJacking attack. UP-9673Medium2018.1Sans objetSans objet
UpSourcePossible privilege escalation during the configuration process. BND-1154, BND-1579, UP-7359. Reported by Zhiyong Feng from Mobike Security TeamLow2018.1Sans objetSans objet
YouTrackStored XSS vulnerabilities from specific pages. JT-47824High2018.2.42881Sans objetSans objet
YouTrackPotential for unauthorized users to view names of SSL keys. JT-47685Low2018.2.42881Sans objetSans objet
YouTrackSwimlane functionality allowed unauthorized changes to a limited number of issue properties. JT-47125Low2018.2.42133Sans objetSans objet
dotTracedotTrace allowed privilege escalation (PROF-668)Critical2017.1, 2017.2, 2017.3, 2018.1Sans objetSans objet
HubLimitation of login attempts at hub.jetbrains.com was disabled (JPS-7627)Low2018.1.9041Sans objetSans objet
HubIt was possible to obtain a new access token for a banned user (JPS-7553)Low2017.4.8440Sans objetSans objet
IntelliJ IDEAYourKit profiler port was available externally in EAP builds for Linux (IDEA-184795)Low2018.1Sans objetSans objet
JetBrains AccountPrivilege escalation was possible for JetBrains Account activity log (JPF-7437)MediumNot applicableSans objetSans objet
JetBrains AccountValid password links might remain upon password reset (JPF-7335)LowNot applicableSans objetSans objet
TeamCityVCS preview allowed XSS attack (TW-54027)Medium2017.2.3Sans objetSans objet
TeamCityData Directory preview allowed XSS attack (TW-54021)Low2017.2.3Sans objetSans objet
TeamCityvmWare plugin settings allowed XSS attack (TW-53984)High2017.2.3Sans objetSans objet
TeamCityVCS settings allowed XSS attack (TW-53943, TW-53978)High2017.2.3Sans objetSans objet
TeamCityAuthentication bypass was possible with certain Windows server configuration (TW-53507)Medium2017.2.2Sans objetSans objet
TeamCityProject administrator could run arbitrary code (TW-50054)High2017.2.2Sans objetSans objet
TeamCityBuild fields allowed XSS attack (TW-53466)Medium2017.2.2Sans objetSans objet
TeamCityMultiple XSS vulnerabilities (reported by Viktor Gazdag of NCC Group) (TW-53442)High2017.2.2Sans objetSans objet
UpSourceMultiple XSS vulnerabilities (Reported by Viktor Gazdag of NCC Group) (UP-9606)Medium2017.3.2888Sans objetSans objet
YouTrackRSS feed allowed unauthorized access to comments with certain configuration (JT-46375)Medium2018.1.40341Sans objetSans objet
YouTrackREST API allowed unauthorized access to attachments of hidden comments (JT-46004)Medium2018.1.40341Sans objetSans objet
YouTrackRSS feed allowed unauthorized access to issues list with certain configuration (JT-46159)High2018.1.40066Sans objetSans objet
YouTrackCustom fields allowed privilege escalation for guest user account (JT-46115)Medium2018.1.40025Sans objetSans objet
YouTrackIssue linking permission bypassing was available via "Create issue linked as..." (JT-25321)Medium2017.4.39533Sans objetSans objet
YouTrackUnauthorized access to issue content was possible even if guest user access was restricted in the bundle installer (JT-45284)Low2017.4.39083Sans objetSans objet
YouTrackActivity records for private fields were available to users with read-only permissions (JT-45282)Medium2017.4.39083Sans objetSans objet