This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
Product | Description | Severity | Resolved In | CWE | CVE |
---|---|---|---|---|---|
TeamCity | Several DOM-based XSS were possible on the Code Inspection Report tab (TW-87505) | Medium | 2024.12.2 | CWE-79 | CVE-2025-26493 |
TeamCity | Improper Kubernetes connection settings could expose sensitive resources (TW-91106) | High | 2024.12.2 | CWE-522 | CVE-2025-26492 |
dotTrace | Local Privilege Escalation via the ETW Host Service was possible (DTRC-31503) | High | 2024.3.4, 2024.2.8, 2024.1.7 | CWE-114 | CVE-2025-23385 |
ETW Host Service | Local Privilege Escalation via the ETW Host Service was possible (DTRC-31503) | High | 16.43 | CWE-114 | CVE-2025-23385 |
ReSharper | Local Privilege Escalation via the ETW Host Service was possible (DTRC-31503) | High | 2024.3.4, 2024.2.8, 2024.1.7 | CWE-114 | CVE-2025-23385 |
Rider | Local Privilege Escalation via the ETW Host Service was possible (DTRC-31503) | High | 2024.3.4, 2024.2.8, 2024.1.7 | CWE-114 | CVE-2025-23385 |
Hub | Privilege escalation was possible via LDAP authentication mapping. Reported by Pavel Supruniuk (HUB-12012) | Medium | 2024.3.55417 | CWE-288 | CVE-2025-24456 |
TeamCity | Reflected XSS was possible on the Vault Connection page (TW-91124) | Medium | 2024.12.1 | CWE-79 | CVE-2025-24459 |
TeamCity | Improper access control allowed to see Projects’ names in the agent pool (TW-52375, TW-91367) | Medium | 2024.12.1 | CWE-863 | CVE-2025-24460 |
TeamCity | Decryption of connection secrets without proper permissions was possible via Test Connection endpoint (TW-91164) | Medium | 2024.12.1 | CWE-862 | CVE-2025-24461 |
YouTrack | Permanent tokens could be exposed in logs. Reported by Dmitriy Titarenko (JT-86763) | Medium | 2024.3.55417 | CWE-532 | CVE-2025-24457 |
YouTrack | Account takeover was possible via spoofed email and Helpdesk integration (JT-85444) | High | 2024.3.55417 | CWE-290 | CVE-2025-24458 |
TeamCity | Improper access control allowed viewing details of unauthorized agents (TW-85841) | Medium | 2024.12 | CWE-863 | CVE-2024-56348 |
TeamCity | Improper access control allowed unauthorized users to modify build logs (TW-90726) | Medium | 2024.12 | CWE-862 | CVE-2024-56349 |
TeamCity | Build credentials allowed unauthorized viewing of projects (TW-24904) | Medium | 2024.12 | CWE-863 | CVE-2024-56350 |
TeamCity | Access tokens were not revoked after removing user roles (TW-76910) | Medium | 2024.12 | CWE-613 | CVE-2024-56351 |
TeamCity | Stored XSS was possible via image name on the agent details page (TW-89485) | Medium | 2024.12 | CWE-79 | CVE-2024-56352 |
TeamCity | Backup file exposed user credentials and session cookies. Reported by Thomas Siegbert (TW-89719) | Medium | 2024.12 | CWE-212 | CVE-2024-56353 |
TeamCity | Password field value were accessible to users with view settings permission (TW-49870) | Medium | 2024.12 | CWE-522 | CVE-2024-56354 |
TeamCity | Missing Content-Type header in RemoteBuildLogController response could lead to XSS (TW-80940) | Medium | 2024.12 | CWE-79 | CVE-2024-56355 |
TeamCity | Insecure XMLParser configuration could lead to potential XXE attack (TW-86582) | Medium | 2024.12 | CWE-611 | CVE-2024-56356 |
YouTrack | Unauthenticated database backup download was possible via vulnerable query parameter (JT-85385) | Low | 2024.3.51866 | CWE-862 | CVE-2024-54153 |
YouTrack | System takeover was possible through path traversal in plugin sandbox (JT-85298) | High | 2024.3.51866 | CWE-23 | CVE-2024-54154 |
YouTrack | Improper access control allowed listing of project names during app import without authentication. Reported by Tom Gionfriddo (JT-85830) | Low | 2024.3.51866 | CWE-862 | CVE-2024-54155 |
YouTrack | Multiple merge functions were vulnerable to prototype pollution attack (JT-85614) | Medium | 2024.3.52635 | CWE-1321 | CVE-2024-54156 |
YouTrack | Potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector (JT-85443) | Medium | 2024.3.52635 | CWE-1333 | CVE-2024-54157 |
YouTrack | Potential spoofing attack was possible via lack of Punycode encoding (JT-85607) | Low | 2024.3.52635 | CWE-173 | CVE-2024-54158 |
WebStorm | Code execution in Untrusted Project mode was possible via type definitions installer script. Reported by Ramast Magdy (WEB-69576) | Medium | 2024.3 | CWE-349 | CVE-2024-52555 |
Hub | Improper access control allowed users to generate permanent tokens for unauthorized services (HUB-11932) | Medium | 2024.3.47707 | CWE-862 | CVE-2024-50573 |
YouTrack | Potential ReDoS exploit was possible via email header parsing in Helpdesk functionality (JT-85386) | Medium | 2024.3.47707 | CWE-1333 | CVE-2024-50574 |
YouTrack | Reflected XSS was possible in Widget API (JT-85387) | Medium | 2024.3.47707 | CWE-79 | CVE-2024-50575 |
YouTrack | Stored XSS was possible via vendor URL in App manifest (JT-85389) | Medium | 2024.3.47707 | CWE-79 | CVE-2024-50576 |
YouTrack | Stored XSS was possible via Angular template injection in Hub settings (JT-85384) | Medium | 2024.3.47707 | CWE-79 | CVE-2024-50577 |
YouTrack | Stored XSS was possible via sprint value on agile boards page (JT-85299) | Medium | 2024.3.47707 | CWE-79 | CVE-2024-50578 |
YouTrack | Reflected XSS due to insecure link sanitization was possible (JT-85383) | Medium | 2024.3.47707 | CWE-79 | CVE-2024-50579 |
YouTrack | Multiple XSS were possible due to insecure markdown parsing and custom rendering rule (JT-85295) | Medium | 2024.3.47707 | CWE-79 | CVE-2024-50580 |
YouTrack | Improper HTML sanitization could lead to XSS attack via comment tag (JT-85296) | Medium | 2024.3.47707 | CWE-79 | CVE-2024-50581 |
YouTrack | Stored XSS was possible due to improper HTML sanitization in markdown elements (JT-85297) | Medium | 2024.3.47707 | CWE-79 | CVE-2024-50582 |
Ktor | Improper caching in HttpCache Plugin could lead to response information disclosure. Reported by Nils Barlaug (KTOR-7483) | Medium | 2.3.13 | CWE-524 | CVE-2024-49580 |
YouTrack | Insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests (JT-85294) | High | 2024.3.47197 | CWE-940 | CVE-2024-49579 |
YouTrack | Improper access control allowed users with project update permission to delete applications via API | Medium | 2024.3.46677 | CWE-862 | CVE-2024-48902 |
TeamCity | Password could be exposed via Sonar runner REST API (TW-64557) | Medium | 2024.07.3 | CWE-522 | CVE-2024-47161 |
TeamCity | Path traversal leading to information disclosure was possible via server backups. Reported by Thomas Siegbert (TW-89721) | Medium | 2024.07.3 | CWE-23 | CVE-2024-47948 |
TeamCity | Path traversal allowed backup file write to arbitrary location. Reported by Thomas Siegbert (TW-89723) | Medium | 2024.07.3 | CWE-23 | CVE-2024-47949 |
TeamCity | Stored XSS was possible in Backup configuration settings. Reported by Thomas Siegbert (TW-89700) | Low | 2024.07.3 | CWE-79 | CVE-2024-47950 |
TeamCity | Stored XSS was possible via server global settings (TW-88983) | Low | 2024.07.3 | CWE-79 | CVE-2024-47951 |
YouTrack | User without appropriate permissions could restore workflows attached to a project (JT-82431) | Medium | 2024.3.44799 | CWE-863 | CVE-2024-47159 |
YouTrack | Access to global app config data without appropriate permissions was possible (JT-81376) | Medium | 2024.3.44799 | CWE-863 | CVE-2024-47160 |
YouTrack | Token could be revealed on Imports page (JT-82142) | Medium | 2024.3.44799 | CWE-522 | CVE-2024-47162 |
IntelliJ IDEA | HTML injection via the project name was possible (IJPL-8358) | Low | 2024.1 | CWE-79 | CVE-2024-46970 |
TeamCity | Possible privilege escalation due to incorrect directory permissions. Reported by Crispr Xiang from TianShu Dubhe Team (TW-87656) | High | 2024.07.1 | CWE-276 | CVE-2024-43114 |
TeamCity | Multiple stored XSS was possible on Clouds page (TW-85512) | Medium | 2024.07.1 | CWE-79 | CVE-2024-43807 |
TeamCity | Self XSS was possible in the HashiCorp Vault plugin (TW-84492) | Low | 2024.07.1 | CWE-79 | CVE-2024-43808 |
TeamCity | Reflected XSS was possible on the agentPushPreset page (TW-84016) | Low | 2024.07.1 | CWE-79 | CVE-2024-43809 |
TeamCity | Reflected XSS was possible in the AWS Core plugin (TW-86958) | Medium | 2024.07.1 | CWE-79 | CVE-2024-43810 |
TeamCity | Parameters of the "password" type could leak into the build log in some specific cases (TW-67957) | Medium | 2024.07 | CWE-532 | CVE-2024-41824 |
TeamCity | Stored XSS was possible on the Code Inspection tab (TW-83483) | Medium | 2024.07 | CWE-79 | CVE-2024-41825 |
TeamCity | Stored XSS was possible on Show Connection page (TW-86935) | Low | 2024.07 | CWE-79 | CVE-2024-41826 |
TeamCity | Access tokens could continue working after deletion or expiration (TW-76857) | High | 2024.07 | CWE-613 | CVE-2024-41827 |
TeamCity | Comparison of authorization tokens took non-constant time (TW-85815) | Low | 2024.07 | CWE-208 | CVE-2024-41828 |
TeamCity | An OAuth code for JetBrains Space could be stolen via Space Application connection (TW-84124) | Low | 2024.07 | CWE-303 | CVE-2024-41829 |
TeamCity | Private key could be exposed via testing GitHub App Connection (TW-88255) | Medium | 2024.03.3 | CWE-522 | CVE-2024-39878 |
TeamCity | Application token could be exposed in EC2 Cloud Profile settings (TW-88399) | Medium | 2024.03.3 | CWE-522 | CVE-2024-39879 |
Hub | Stored XSS via project description was possible. Reported by Krzysztof Kamiński (HUB-11601) | Low | 2024.2.34646 | CWE-79 | CVE-2024-38507 |
YouTrack | The Guest User Account was enabled for attaching files to articles (JT-81902) | Medium | 2024.2.34646 | CWE-862 | CVE-2024-38504 |
YouTrack | User access token was sent to the third-party site. Reported by Sergey Zotov (JT-81798) | Medium | 2024.2.34646 | CWE-522 | CVE-2024-38505 |
YouTrack | User without appropriate permissions could enable the auto-attach option for workflows (JT-81214) | Medium | 2024.2.34646 | CWE-862 | CVE-2024-38506 |
Aqua | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2024.1.2 | CWE-522 | CVE-2024-37051 |
CLion | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2 | CWE-522 | CVE-2024-37051 |
DataGrip | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4 | CWE-522 | CVE-2024-37051 |
DataSpell | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1 | CWE-522 | CVE-2024-37051 |
GoLand | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3 | CWE-522 | CVE-2024-37051 |
IntelliJ IDEA | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3 | CWE-522 | CVE-2024-37051 |
MPS | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.2.1, 2023.3.1, 2024.1 EAP2 | CWE-522 | CVE-2024-37051 |
PhpStorm | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3 | CWE-522 | CVE-2024-37051 |
PyCharm | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2 | CWE-522 | CVE-2024-37051 |
Rider | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3 | CWE-522 | CVE-2024-37051 |
RubyMine | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4 | CWE-522 | CVE-2024-37051 |
RustRover | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2024.1.1 | CWE-522 | CVE-2024-37051 |
WebStorm | GitHub access token could be exposed to third-party sites (IJPL-155883) | Critical | 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4 | CWE-522 | CVE-2024-37051 |
TeamCity | Path traversal allowing to read files from server was possible (TW-87898) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 | CWE-23 | CVE-2024-36362 |
TeamCity | Several Stored XSS in code inspection reports were possible (TW-83495) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36363 |
TeamCity | Improper access control in Pull Requests and Commit status publisher build features was possible (TW-84931) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-863 | CVE-2024-36364 |
TeamCity | A third-party agent could impersonate a cloud agent (TW-87450) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 | CWE-863 | CVE-2024-36365 |
TeamCity | An XSS could be executed via certain report grouping and filtering operations (TW-83893) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36366 |
TeamCity | Stored XSS via third-party reports was possible (TW-83270) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36367 |
TeamCity | Reflected XSS via OAuth provider configuration was possible (TW-83485) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36368 |
TeamCity | Stored XSS via issue tracker integration was possible (TW-83149) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36369 |
TeamCity | Stored XSS via OAuth connection settings was possible (TW-83658) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36370 |
TeamCity | Stored XSS in Commit status publisher was possible (TW-84958) | Medium | 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36371 |
TeamCity | Reflected XSS on the subscriptions page was possible (TW-83892) | Medium | 2023.05.6 | CWE-79 | CVE-2024-36372 |
TeamCity | Several stored XSS in untrusted builds settings were possible (TW-87421) | Medium | 2024.03.2 | CWE-79 | CVE-2024-36373 |
TeamCity | Stored XSS via build step settings was possible (TW-87381) | Medium | 2024.03.2 | CWE-79 | CVE-2024-36374 |
TeamCity | Technical information regarding TeamCity server could be exposed (TW-87468) | Medium | 2024.03.2 | CWE-209 | CVE-2024-36375 |
TeamCity | Users could perform actions that should not be available to them based on their permissions (TW-83710) | Medium | 2024.03.2 | CWE-863 | CVE-2024-36376 |
TeamCity | Certain TeamCity API endpoints did not check user permissions (TW-83647) | Medium | 2024.03.2 | CWE-863 | CVE-2024-36377 |
TeamCity | Server was susceptible to DoS attacks with incorrect auth tokens (TW-87071) | Medium | 2024.03.2 | CWE-770 | CVE-2024-36378 |
TeamCity | Authentication bypass was possible in specific edge cases even when the security patch plugin is intstalled (TW-86860) | High | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-288 | CVE-2024-36470 |
TeamCity | Several Stored XSS in the available updates page were possible (TW-87050) | Low | 2024.03.1 | CWE-79 | CVE-2024-35300 |
TeamCity | Commit status publisher didn't check project scope of the GitHub App token (TW-86523) | Medium | 2024.03.1 | CWE-280 | CVE-2024-35301 |
TeamCity | Stored XSS during restore from backup was possible (TW-82309) | Medium | 2023.11 | CWE-79 | CVE-2024-35302 |
YouTrack | The SMTPS protocol communication lacked proper certificate hostname validation. Reported by Yusuke Yamamoto (JT-80708) | Medium | 2024.1.29548 | CWE-295 | CVE-2024-35299 |
TeamCity | Authenticated users without administrative permissions could register other users when self-registration was disabled (TW-87046) | Medium | 2024.03 | CWE-863 | CVE-2024-31134 |
TeamCity | Open redirect was possible on the login page (TW-87062) | Medium | 2024.03 | CWE-601 | CVE-2024-31135 |
TeamCity | 2FA could be bypassed by providing a special URL parameter (TW-86989) | High | 2024.03 | CWE-1288 | CVE-2024-31136 |
TeamCity | Reflected XSS was possible via Space connection configuration. Reported by Linh Dinh (TW-86832) | Medium | 2024.03 | CWE-79 | CVE-2024-31137 |
TeamCity | XSS was possible via Agent Distribution settings. Reported by Alex Williams from Trend Micro (TW-86535) | Medium | 2024.03 | CWE-79 | CVE-2024-31138 |
TeamCity | XXE was possible in the Maven build steps detector (TW-86300) | Medium | 2024.03 | CWE-611 | CVE-2024-31139 |
TeamCity | Server administrators could remove arbitrary files from the server by installing tools (TW-86039) | Medium | 2024.03 | CWE-1288 | CVE-2024-31140 |
TeamCity | Users with access to the agent machine might obtain permissions of the user running the agent process (TW-83048) | Medium | 2023.11 | CWE-749 | CVE-2024-29880 |
YouTrack | Creation comments on behalf of an arbitrary user in HelpDesk was possible (JT-79678, JT-79719) | Medium | 2024.1.25893 | CWE-290 | CVE-2024-28228 |
YouTrack | User without appropriate permissions could restore issues and articles (JT-79924) | Medium | 2024.1.25893 | CWE-863 | CVE-2024-28229 |
YouTrack | Attaching/detaching workflow to a project was possible without project admin permissions (JT-79758) | Medium | 2024.1.25893 | CWE-862 | CVE-2024-28230 |
TeamCity | Custom build parameters of the "password" type could be disclosed (TW-86403) | Medium | 2023.11.4 | CWE-201 | CVE-2024-28173 |
TeamCity | Presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly (TW-85562) | Medium | 2023.11.4 | CWE-863 | CVE-2024-28174 |
TeamCity | Authentication bypass allowing to perform admin actions was possible. Reported by Rapid7 team (TW-86500) | Critical | 2023.11.4 | CWE-288 | CVE-2024-27198 |
TeamCity | Path traversal allowing to perform limited admin actions was possible. Reported by Rapid7 team (TW-86502) | High | 2023.11.4 | CWE-23 | CVE-2024-27199 |
IntelliJ IDEA | Path traversal was possible when unpacking archives (IDEA-339542) | Low | 2023.3.3 | CWE-23 | CVE-2024-24940 |
IntelliJ IDEA | A plugin for JetBrains Space was able to send an authentication token to an inappropriate URL (IDEA-337274) | Medium | 2023.3.3 | CWE-20 | CVE-2024-24941 |
Rider | Logging of environment variables containing secret values was possible (RIDER-103340) | Low | 2023.3.3 | CWE-532 | CVE-2024-24939 |
TeamCity | Path traversal allowed reading data within JAR archives. Reported by Sndav Bai and Crispr Xiang from TianShu Dubhe Team (TW-86017) | Medium | 2023.11.3 | CWE-23 | CVE-2024-24942 |
TeamCity | Authentication bypass leading to RCE was possible. Reported by Sndav Bai and Crispr Xiang from TianShu Dubhe Team (TW-86005) | Critical | 2023.11.3 | CWE-288 | CVE-2024-23917 |
Toolbox App | A DoS attack was possible via a malicious SVG image (TBX-9216) | Medium | 2.2 | CWE-400 | CVE-2024-24943 |
TeamCity | Access control at the S3 Artifact Storage plugin endpoint was missed (TW-85499) | Medium | 2023.11.2 | CWE-285 | CVE-2024-24936 |
TeamCity | Stored XSS via agent distribution was possible (TW-85880) | Medium | 2023.11.2 | CWE-79 | CVE-2024-24937 |
TeamCity | Limited directory traversal was possible in the Kotlin DSL documentation (TW-85585) | Medium | 2023.11.2 | CWE-23 | CVE-2024-24938 |
YouTrack | Stored XSS via markdown was possible. Reported by Sergei Zotov (JT-78995) | Medium | 2023.3.22666 | CWE-79 | CVE-2024-22370 |
IntelliJ IDEA | Code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration (IDEA-320814) | Medium | 2023.3.2 | CWE-349 | CVE-2023-51655 |
TeamCity | A CSRF on login was possible (TW-84796) | Medium | 2023.11.1 | CWE-352 | CVE-2023-50870 |
YouTrack | Authorization check for inline comments inside thread replies was missed (JT-78444) | Medium | 2023.3.22268 | CWE-285 | CVE-2023-50871 |
Ktor | Default configuration of ContentNegotiation with XML format was vulnerable to XXE. Reported by Ulf Karlsson (KTOR-6286, Pull Request) | High | 2.3.5 | CWE-611 | CVE-2023-45612 |
Ktor | Server certificates were not verified (KTOR-6229, Pull Request) | Medium | 2.3.5 | CWE-295 | CVE-2023-45613 |
TeamCity | Authentication bypass leading to RCE on TeamCity Server was possible. Reported by Stefan Schiller from Sonar (TW-83545) | Critical | 2023.05.4 | CWE-288 | CVE-2023-42793 |
TeamCity | Stored XSS was possible during nodes configuration (TW-83216) | Low | 2023.05.4 | CWE-79 | CVE-2023-43566 |
TeamCity | Stored XSS was possible during Cloud Profiles configuration (TW-82867, TW-82475) | Medium | 2023.05.3 | CWE-79 | CVE-2023-41248 |
TeamCity | Reflected XSS was possible during copying Build Step (TW-82869) | Medium | 2023.05.3 | CWE-79 | CVE-2023-41249 |
TeamCity | Reflected XSS was possible during user registration (TW-82876) | Low | 2023.05.3 | CWE-79 | CVE-2023-41250 |
IntelliJ IDEA | Plugin for Space was requesting excessive permissions (IDEA-321747) | Medium | 2023.2 | CWE-250 | CVE-2023-39261 |
TeamCity | A token with limited permissions could be used to gain full account access (TW-82485) | Medium | 2023.05.2 | CWE-266 | CVE-2023-39173 |
TeamCity | A ReDoS attack was possible via integration with issue trackers (TW-82283) | Medium | 2023.05.2 | CWE-1333 | CVE-2023-39174 |
TeamCity | Reflected XSS via GitHub integration was possible (TW-82472) | Medium | 2023.05.2 | CWE-79 | CVE-2023-39175 |
IntelliJ IDEA | License dialog could be suppressed in certain cases. Reported by Bilawal Imdad (IDEA-324171) | Low | 2023.1.4 | CWE-754 | CVE-2023-38069 |
TeamCity | Stored XSS when using a custom theme was possible (TW-82270) | Medium | 2023.05.1 | CWE-79 | CVE-2023-38061 |
TeamCity | Parameters of the "password" type could be shown in the UI in certain composite build configurations (TW-82022) | Medium | 2023.05.1 | CWE-200 | CVE-2023-38062 |
TeamCity | Stored XSS while running custom builds was possible (TW-81723) | Medium | 2023.05.1 | CWE-79 | CVE-2023-38063 |
TeamCity | Build chain parameters of the "password" type could be written to the agent log (TW-81846) | Medium | 2023.05.1 | CWE-532 | CVE-2023-38064 |
TeamCity | Stored XSS while viewing the build log was possible (TW-81777) | Medium | 2023.05.1 | CWE-79 | CVE-2023-38065 |
TeamCity | Reflected XSS via the Referer header was possible during artifact downloads (TW-80993) | Medium | 2023.05.1 | CWE-79 | CVE-2023-38066 |
TeamCity | Build parameters of the "password" type could be written to the agent log (TW-80002) | Medium | 2023.05.1 | CWE-532 | CVE-2023-38067 |
YouTrack | Captcha was not properly validated for Helpdesk forms (JT-75029) | Medium | 2023.1.16597 | CWE-799 | CVE-2023-38068 |
YouTrack | A DoS attack was possible via Helpdesk forms (JT-75136) | High | 2023.1.10518 | CWE-400 | CVE-2023-35053 |
YouTrack | Stored XSS in a Markdown-rendering engine was possible (JT-75230) | Medium | 2023.1.10518 | CWE-79 | CVE-2023-35054 |
Ktor | Headers containing authentication data could be added to the exception's message (KTOR-5900, Pull Request) | Low | 2.3.1 | CWE-209 | CVE-2023-34339 |
TeamCity | Bypass of permission checks allowing to perform admin actions was possible. Reported by Isaac Peka (TW-81566) | Critical | 2023.05, 2022.10.4 | CWE-863 | CVE-2023-34218 |
TeamCity | Improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API. Reported by Olof Lindberg (TW-80538) | Medium | 2023.05, 2022.10.4 | CWE-285 | CVE-2023-34219 |
TeamCity | Stored XSS in the Commit Status Publisher window was possible (TW-80262) | Medium | 2023.05, 2022.10.4 | CWE-79 | CVE-2023-34220 |
TeamCity | Stored XSS in the Show Connection page was possible (TW-81182) | Medium | 2023.05 | CWE-79 | CVE-2023-34221 |
TeamCity | Possible XSS in the Plugin Vendor URL was possible (TW-80378) | Medium | 2023.05 | CWE-79 | CVE-2023-34222 |
TeamCity | Parameters of the "password" type from build dependencies could be logged in some cases (TW-81338) | Medium | 2023.05 | CWE-532 | CVE-2023-34223 |
TeamCity | Open redirect during oAuth configuration was possible (TW-79888) | Medium | 2023.05 | CWE-601 | CVE-2023-34224 |
TeamCity | Stored XSS in the NuGet feed page was possible (TW-81031) | Medium | 2023.05 | CWE-79 | CVE-2023-34225 |
TeamCity | Reflected XSS in the Subscriptions page was possible (TW-80881) | Medium | 2023.05 | CWE-79 | CVE-2023-34226 |
TeamCity | A specific endpoint was vulnerable to brute force attacks (TW-80842) | Medium | 2023.05, 2022.10.4 | CWE-749 | CVE-2023-34227 |
TeamCity | Authentication checks were missing – 2FA was not checked for some sensitive account actions (TW-73544) | Medium | 2023.05 | CWE-308 | CVE-2023-34228 |
TeamCity | Stored XSS in GitLab Connection page was possible (TW-80174) | Medium | 2023.05, 2022.10.4 | CWE-79 | CVE-2023-34229 |
Toolbox App | A DYLIB injection on macOS was possible. Reported by Dimitrie-Toma Furdui (TBX-9047) | Medium | 1.28 | CWE-691 | CVE-2022-48481 |
Hub | SSRF protection in Auth Module integration was missing (HUB-11380) | Medium | 2023.1.15725 | CWE-918 | CVE-2022-48477 |
Ktor | Path traversal in the `resolveResource` method was possible. Reported by Vasco Franco (KTOR-5733, Pull Request) | High | 2.3.0 | CWE-35 | CVE-2022-48476 |
PhpStorm | Source code could be logged in the local idea.log file (WI-71063) | Low | 2023.1 | CWE-532 | CVE-2022-48435 |
IntelliJ IDEA | File content could be disclosed via an external stylesheet path in Markdown preview (IDEA-297583) | Medium | 2023.1 | CWE-200 | CVE-2022-48430 |
IntelliJ IDEA | In some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation (IDEA-262839) | Medium | 2023.1 | CWE-345 | CVE-2022-48431 |
IntelliJ IDEA | The bundled version of Chromium wasn't sandboxed (IDEA-284121) | Medium | 2023.1 | CWE-1188 | CVE-2022-48432 |
IntelliJ IDEA | The NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server (IDEA-303249) | Medium | 2023.1 | CWE-522 | CVE-2022-48433 |
Hub | Reflected XSS in dashboards was possible (HUB-11421) | Medium | 2022.3.15573, 2022.2.15572, 2022.1.15583 | CWE-79 | CVE-2022-48429 |
TeamCity | Stored XSS in Perforce connection settings was possible (TW-79891) | Medium | 2022.10.3 | CWE-79 | CVE-2022-48426 |
TeamCity | Stored XSS on “Pending changes” and “Changes” tabs was possible (TW-80199) | Medium | 2022.10.3 | CWE-79 | CVE-2022-48427 |
TeamCity | Stored XSS on the SSH keys page was possible (TW-80097) | Medium | 2022.10.3 | CWE-79 | CVE-2022-48428 |
JetBrains Marketplace | There was a stored XSS vulnerability in the list of suggested plugins (MP-4822) | Medium | Not applicable | CWE-79 | Not applicable |
JetBrains Marketplace | Throttling was not in place for comment creation. Reported by Keroles Magdy (MP-4857) | Low | Not applicable | CWE-770 | Not applicable |
JetBrains Website | SSRF leading to AWS metadata disclosure was possible. Reported by Peter Af Geijerstam (JS-17660) | Medium | Not applicable | CWE-918 | Not applicable |
JetBrains Website | Server version and stack trace were disclosed to unauthorized users (JS-16718) | Low | Not applicable | CWE-209 | Not applicable |
JetBrains Website | It was possible to launch cookie bomb attacks, leading to DoS. Reported by Multansingh Medtiya (JS-17550) | Medium | Not applicable | CWE-703 | Not applicable |
JetBrains Website | There was a reflected XSS vulnerability in the Space instance registration process. Reported by Rahul Karki (SPACE-17966) | Medium | Not applicable | CWE-79 | Not applicable |
Space | Throttling was not in place for a password reset. Reported by Hasan Khan (SPACE-17349) | Low | Not applicable | CWE-770 | Not applicable |
TeamCity | JVMTI was enabled by default on agents. Reported by Hj Chai (TW-78552) | Medium | 2022.10.2 | CWE-1188 | CVE-2022-48342 |
TeamCity | There was an XSS vulnerability in the user creation process (TW-78783) | Medium | 2022.10.2 | CWE-79 | CVE-2022-48343 |
TeamCity | There was an XSS vulnerability in the group creation process (TW-78786) | Medium | 2022.10.2 | CWE-79 | CVE-2022-48344 |
JetBrains Marketplace | Stored XSS in the list of plugin ideas (MP-4824) | Medium | Not applicable | CWE-79 | Not applicable |
JetBrains Website | Reflected XSS in JetBrains Blog (JS-16355) | Medium | Not applicable | CWE-79 | Not applicable |
IntelliJ IDEA | The "Validate JSP File" action used the HTTP protocol to download required JAR files (IDEA-305732) | Medium | 2022.3.1 | CWE-319 | CVE-2022-47895 |
IntelliJ IDEA | Code Templates were vulnerable to SSTI attacks. Reported by Krypton (IDEA-306345) | Medium | 2022.3.1 | CWE-1336 | CVE-2022-47896 |
Space | The second authentication factor wasn't checked during the password reset. Reported by Bharat (SPACE-15087) | Medium | Not applicable | CWE-304 | Not applicable |
IntelliJ IDEA | A buffer overflow in the fsnotifier daemon on macOS was possible (IDEA-302494) | Medium | 2022.2.4 | CWE-120 | CVE-2022-46824 |
IntelliJ IDEA | The built-in web server leaked information about open projects (IDEA-297741) | Medium | 2022.3 | CWE-200 | CVE-2022-46825 |
IntelliJ IDEA | The built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability (IDEA-304713) | Medium | 2022.3 | CWE-35 | CVE-2022-46826 |
IntelliJ IDEA | An XXE attack leading to SSRF via requests to custom plugin repositories was possible (IDEA-302855) | Low | 2022.3 | CWE-611 | CVE-2022-46827 |
IntelliJ IDEA | A DYLIB injection on macOS was possible. Independently reported by Anthony Viriya and Kang Ali (IDEA-298179) | Medium | 2022.3 | CWE-691 | CVE-2022-46828 |
JetBrains Gateway | A client could connect without a valid token if the host consented (GTW-1786) | High | 2022.3 | CWE-287 | CVE-2022-46829 |
Space | Profiles were improperly added to random projects, including restricted ones | Medium | Not applicable | CWE-668 | Not applicable |
TeamCity | A custom STS endpoint allowed internal port scanning (TW-78415) | Medium | 2022.10.1 | CWE-918 | CVE-2022-46830 |
TeamCity | Connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators (TW-78416) | Medium | 2022.10.1 | CWE-453 | CVE-2022-46831 |
Hub | Throttling was missed when sending emails to a particular email address. Reported by Keroles Magdy (HUB-11260) | Low | 2022.3.15181 | CWE-770 | CVE-2022-45471 |
TeamCity Cloud | EBS storage objects were not encrypted (TCC-175) | Low | Not applicable | CWE-311 | Not applicable |
TeamCity Cloud | Passwords for agent user accounts built from the same image were not randomized (TCC-188) | Medium | Not applicable | CWE-331 | Not applicable |
TeamCity | Excessive access permissions for secure token health items (TW-73518) | Low | 2022.10 | CWE-284 | CVE-2022-44622 |
TeamCity | Project Viewer could see scrambled secure values in the MetaRunner settings (TW-76796) | Medium | 2022.10 | CWE-538 | CVE-2022-44623 |
TeamCity | Password parameters could be exposed in the build log if they contained special characters (TW-77048) | Medium | 2022.10 | CWE-532 | CVE-2022-44624 |
TeamCity | No audit items were added upon editing a user's settings (TW-75537) | Low | 2022.10 | CWE-223 | CVE-2022-44646 |
JetBrains Account | Throttling was missed on some pages. Reported by Manthan Mahale (JPF-13346) | Low | 2022.09 | CWE-770 | Not applicable |
TeamCity | Environmental variables of "password" type could be logged when using custom Perforce executable. Reported by Pierre Hosteins and Yvan Serykh (TW-77474) | Medium | 2022.04.4 | CWE-532 | CVE-2022-40979 |
JetBrains Website | Open redirect on jetbrains.com.cn. Reported by Koutrouss Naddara (JS-17099) | Medium | Not applicable | CWE-601 | Not applicable |
IntelliJ IDEA | The installer was vulnerable to EXE search order hijacking. Reported by Dmitry Zemlyakov (IDEA-295424) | High | 2022.2.2 | CWE-427 | CVE-2022-40978 |
JetBrains Website | The JetBrains blog was vulnerable to CSS injection (JS-16353) | Low | Not applicable | CWE-79 | Not applicable |
Ktor | Ktor was vulnerable to the Reflect File Download attack. Reported by Motoyasu Saburi (KTOR-4669, Pull Request) | Medium | 2.1.0 | CWE-184 | CVE-2022-38179 |
Ktor | The wrong authentication provider could be selected in some cases. Reported by Andrew Bryan (KTOR-4618, Pull Request) | Medium | 2.1.0 | CWE-287 | CVE-2022-38180 |
TeamCity | The private SSH key could be written to the server log in some cases (TW-76758) | Low | 2022.04.3 | CWE-532 | CVE-2022-38133 |
Rider | Trust and Open Project dialog bypass, leading to local code execution (RIDER-74325, RIDER-74328) | Medium | 2022.2 | CWE-94 | CVE-2022-37396 |
IntelliJ IDEA | Local code execution was possible via a Vagrant executable (IDEA-288325) | Low | 2022.2 | CWE-94 | CVE-2022-37009 |
IntelliJ IDEA | Missing email address validation in the "Git User Name Is Not Defined" dialog. Reported by Carolos Foscolos (IDEA-291960) | Low | 2022.2 | CWE-20 | CVE-2022-37010 |
TeamCity | The private SSH key could be written to the build log in some cases (TW-76651) | Medium | 2022.04.2 | CWE-532 | CVE-2022-36321 |
TeamCity | Build parameter injection was possible. Reported by Micky Sung (TW-76356) | Medium | 2022.04.2 | CWE-88 | CVE-2022-36322 |
Hub | Insufficient access control allowed the hijacking of untrusted services in Hub. Reported by Yurii Sanin (HUB-10771) | Low | 2022.2.14799 | CWE-284 | CVE-2022-34894 |
JetBrains Website | Potential XSS via Origin header. Reported by Nidhin Sabu (JPF-13063) | Low | Not applicable | CWE-79 | Not applicable |
Ktor | SHA1 implementation in Ktor Native was returning the same value (KTOR-4217, Pull Request) | High | 2.0.1 | CWE-342 | CVE-2022-29930 |
TeamCity | Reflected XSS on the Build Chain Status page (TW-75231) | Medium | 2022.04 | CWE-79 | CVE-2022-29927 |
TeamCity | Possible leak of secrets in TeamCity agent logs (TW-74263, TW-68807) | Medium | 2022.04 | CWE-532 | CVE-2022-29928 |
TeamCity | Potential XSS via Referrer header (TW-75605) | Low | 2022.04 | CWE-79 | CVE-2022-29929 |
Hub | Stored XSS via project icon. Reported by Julian Muñoz (HUB-11155) | Medium | 2022.1.14638 | CWE-79 | CVE-2022-29811 |
IntelliJ IDEA | Insufficient notification about using Unicode directionality formatting characters (IDEA-284151) | Low | 2022.1 | CWE-176 | CVE-2022-29812 |
IntelliJ IDEA | Local code execution via custom Pandoc path (IDEA-288269) | Medium | 2022.1 | CWE-94 | CVE-2022-29813 |
IntelliJ IDEA | Local code execution via HTML descriptions in custom JSON schemas (IDEA-283967) | Medium | 2022.1 | CWE-94 | CVE-2022-29814 |
IntelliJ IDEA | Local code execution via workspace settings (IDEA-283824, IDEA-283968) | Medium | 2022.1 | CWE-94 | CVE-2022-29815 |
IntelliJ IDEA | HTML injection into IDE messages (IDEA-287428) | Low | 2022.1 | CWE-74 | CVE-2022-29816 |
IntelliJ IDEA | Reflected XSS via error messages in internal web server (IDEA-283994) | Low | 2022.1 | CWE-79 | CVE-2022-29817 |
IntelliJ IDEA | Flawed origin checks in the internal web server (IDEA-283586) | Low | 2022.1 | CWE-346 | CVE-2022-29818 |
IntelliJ IDEA | Local code execution via links in Quick Documentation (IDEA-289398) | Medium | 2022.1 | CWE-94 | CVE-2022-29819 |
PyCharm | Exposure of the debugger port to the internal network (PY-52288) | Low | 2022.1 | CWE-1327 | CVE-2022-29820 |
Rider | Local code execution via links in ReSharper Quick Documentation (RIDER-74099) | Medium | 2022.1 | CWE-94 | CVE-2022-29821 |
TeamCity Cloud | Potential disclosure of built-in OAuth2 connectors' secrets. Reported by Yurii Sanin (TCC-346) | High | Not applicable | CWE-522 | Not applicable |
TeamCity Cloud | Session takeover via OAuth client manipulation. Reported by Yurii Sanin (TCC-347, TCC-349, TCC-351) | High | Not applicable | CWE-345 | Not applicable |
TeamCity Cloud | Session takeover using open redirect misconfiguration. Reported by Yurii Sanin (TCC-348) | High | Not applicable | CWE-601 | Not applicable |
TeamCity Cloud | VCS credentials disclosure via repository URL manipulation. Reported by Yurii Sanin (TCC-355, TCC-358) | Medium | Not applicable | CWE-522 | Not applicable |
Ktor | Random values used for nonce generation in Ktor Native weren't using SecureRandom implementations. Reported by Dan Wallach (KTOR-3656, Pull Request) | Low | 2.0.0 | CWE-330 | CVE-2022-29035 |
JetBrains Account | It was possible to take over accounts linked to outlook.* email addresses via GitHub SSO. Reported by Adrian Weber (JPF-12877) | Critical | 2022.04 | CWE-697 | Not applicable |
IntelliJ IDEA | It was possible to get passwords from protected fields (IDEA-289085) | High | 2021.3.3 | CWE-497 | CVE-2022-28651 |
YouTrack | HTML code from the issue description was being rendered (JT-58282) | Medium | 2022.1.43563 | CWE-80 | CVE-2022-28648 |
YouTrack | It was possible to include an iframe from a third-party domain in the issue description (JT-68626) | Medium | 2022.1.43563 | CWE-1021 | CVE-2022-28649 |
YouTrack | It was possible to inject JavaScript into Markdown in the YouTrack Classic UI (JT-68622) | High | 2022.1.43700 | CWE-79 | CVE-2022-28650 |
Hub | Blind Server-Side Request Forgery (SSRF). Reported by Yurii Sanin (HUB-11052) | Medium | 2021.1.14276 | CWE-918 | CVE-2022-25260 |
Hub | Reflected XSS. Reported by Yurii Sanin (HUB-10971) | Medium | 2021.1.14276 | CWE-79 | CVE-2022-25259 |
Hub | SAML request takeover. Reported by Yurii Sanin (HUB-10978) | High | 2022.1.14434 | CWE-345 | CVE-2022-25262 |
JetBrains Blog | Reflected XSS via tag parameter (BLOG-55) | Medium | Not applicable | CWE-79 | Not applicable |
JetBrains Marketplace | Stored XSS via plugin fields (MP-4190, MP-4191, MP-4192, MP-4196, MP-4201) | Medium | Not applicable | CWE-79 | Not applicable |
Kotlin Website | Clickjacking at talkingkotlin.com (KTL-84) | Low | Not applicable | CWE-1021 | Not applicable |
TeamCity | Reflected XSS (TW-74044) | Medium | 2021.2.2 | CWE-79 | CVE-2022-25261 |
TeamCity | OS command injection in the Agent Push feature configuration. Reported by Cristian Chavez (TW-74822) | High | 2021.2.3 | CWE-78 | CVE-2022-25263 |
TeamCity | Environmental variables of "password" type could be logged in some cases (TW-74625) | Medium | 2021.2.3 | CWE-532 | CVE-2022-25264 |
YouTrack | SSTI via FreeMarker templates. Reported by Matei "Mal" Badanoiu (JT-68075) | High | 2021.4.40426 | CWE-1336 | CVE-2022-24442 |
Hub | JetBrains Account integration exposed API keys with excessive permissions. Reported by Yurii Sanin (HUB-10958) | High | 2021.1.13890 | CWE-732 | CVE-2022-24327 |
Hub | An unprivileged user could perform a DoS. Reported by Yurii Sanin (HUB-10976) | High | 2021.1.13956 | CWE-74 | CVE-2022-24328 |
IntelliJ IDEA | Code could be executed without the user’s permission on opening a project (IDEA-243002, IDEA-277306, IDEA-282396, IDEA-275917) | Medium | 2021.2.4 | CWE-345 | CVE-2022-24345 |
IntelliJ IDEA | Potential LCE via RLO (Right-to-Left Override) characters (IDEA-284150) | Medium | 2021.3.1 | CWE-176 | CVE-2022-24346 |
JetBrains Blog | Blind SQL injection. Reported by Khan Janny (BLOG-45) | Medium | Not applicable | CWE-89 | Not applicable |
Kotlin | No ability to lock dependencies for Kotlin Multiplatform Gradle projects. Reported by Carter Jernigan (KT-49449) | Medium | 1.6.0 | CWE-667 | CVE-2022-24329 |
Kotlin Website | Clickjacking at kotlinlang.org (KTL-588) | Medium | Not applicable | CWE-1021 | Not applicable |
Remote Development | Unexpected open port on backend server. Reported by Damian Gwiżdż (GTW-894) | High | 2021.3.1 | CWE-1327 | CVE-2021-45977 |
Space | Missing permission check in an HTTP API response (SPACE-15991) | High | Not applicable | CWE-284 | Not applicable |
TeamCity | A redirect to an external site was possible (TW-71113) | Low | 2021.2.1 | CWE-601 | CVE-2022-24330 |
TeamCity | Logout failed to remove the "Remember Me" cookie (TW-72969) | Low | 2021.2 | CWE-613 | CVE-2022-24332 |
TeamCity | GitLab authentication impersonation. Reported by Christian Pedersen (TW-73375) | High | 2021.1.4 | CWE-285 | CVE-2022-24331 |
TeamCity | The "Agent push" feature allowed any private key on the server to be selected (TW-73399) | Low | 2021.2.1 | CWE-284 | CVE-2022-24334 |
TeamCity | Blind SSRF via an XML-RPC call. Reported by Artem Godin (TW-73465) | Medium | 2021.2 | CWE-918 | CVE-2022-24333 |
TeamCity | Time-of-check/Time-of-use (TOCTOU) vulnerability in agent registration via XML-RPC. Reported by Artem Godin (TW-73468) | High | 2021.2 | CWE-367 | CVE-2022-24335 |
TeamCity | An unauthenticated attacker could cancel running builds via an XML-RPC request to the TeamCity server. Reported by Artem Godin (TW-73469) | Medium | 2021.2.1 | CWE-284 | CVE-2022-24336 |
TeamCity | Pull-requests' health items were shown to users without appropriate permissions (TW-73516) | Low | 2021.2 | CWE-284 | CVE-2022-24337 |
TeamCity | Stored XSS. Reported by Yurii Sanin (TW-73737) | Medium | 2021.2.1 | CWE-79 | CVE-2022-24339 |
TeamCity | URL injection leading to CSRF. Reported by Yurii Sanin (TW-73859) | Medium | 2021.2.1 | CWE-352 | CVE-2022-24342 |
TeamCity | Changing a password failed to terminate sessions of the edited user (TW-73888) | Low | 2021.2.1 | CWE-613 | CVE-2022-24341 |
TeamCity | XXE during the parsing of a configuration file (TW-73932) | Medium | 2021.2.1 | CWE-611 | CVE-2022-24340 |
TeamCity | Reflected XSS (TW-74043) | Medium | 2021.2.1 | CWE-79 | CVE-2022-24338 |
YouTrack | Stored XSS on the Notification templates page (JT-65752) | Low | 2021.4.31698 | CWE-79 | CVE-2022-24344 |
YouTrack | A custom logo could be set with read-only permissions (JT-66214) | Low | 2021.4.31698 | CWE-284 | CVE-2022-24343 |
YouTrack | Stored XSS via project icon. Reported by Yurii Sanin (JT-67176) | Medium | 2021.4.36872 | CWE-79 | CVE-2022-24347 |
Datalore | Server version disclosure. Reported by Bharat (DL-9447) | Low | 2021.3 | CWE-209 | Not applicable |
Hub | Information disclosure via avatars metadata (HUB-10154) | Low | 2021.1.13690 | CWE-200 | CVE-2021-43180 |
Hub | Potential DOS via user information. Reported by Bharat (HUB-10804) | Low | 2021.1.13415 | CWE-20 | CVE-2021-43182 |
Hub | Stored XSS. Reported by Dmitry Sherstoboev (HUB-10854) | Medium | 2021.1.13690 | CWE-79 | CVE-2021-43181 |
Hub | Authentication throttling mechanism could be bypassed. Reported by Bharat (HUB-10869) | Medium | 2021.1.13690 | CWE-180 | CVE-2021-43183 |
JetBrains Account | Authentication throttling mechanism could be bypassed. Reported by Bharat (JPF-11933) | Medium | 2021.07 | CWE-180 | Not applicable |
Ktor | Improper nonce verification during OAuth2 authentication process. Reported by Ole Schilling Tjensvold (KTOR-3091) | Medium | 1.6.4 | CWE-303 | CVE-2021-43203 |
Space | Authentication throttling mechanism could be bypassed. Reported by Bharat (SPACE-15282) | Low | Not applicable | CWE-180 | Not applicable |
Space | SSRF disclosing EC2 metadata (SPACE-15666) | High | Not applicable | CWE-918 | Not applicable |
TeamCity | User enumeration was possible (TW-70167) | Low | 2021.1.2 | CWE-200 | CVE-2021-43194 |
TeamCity | RCE in agent push functionality. Reported by Eduardo Castellanos (TW-70384) | High | 2021.1.2 | CWE-78 | CVE-2021-43193 |
TeamCity | Information disclosure via Docker Registry connection dialog (TW-70459) | Medium | 2021.1 | CWE-200 | CVE-2021-43196 |
TeamCity | Some HTTP Security Headers were missed (TW-71376) | Low | 2021.1.2 | CWE-693 | CVE-2021-43195 |
TeamCity | Email notifications could include unescaped HTML (TW-71981) | Low | 2021.1.2 | CWE-116 | CVE-2021-43197 |
TeamCity | Insufficient permissions checks in create patch functionality (TW-71982) | Low | 2021.1.2 | CWE-285 | CVE-2021-43199 |
TeamCity | Stored XSS (TW-72007) | Low | 2021.1.2 | CWE-79 | CVE-2021-43198 |
TeamCity | Insufficient permissions checks in agent push functionality (TW-72177) | Low | 2021.1.2 | CWE-285 | CVE-2021-43200 |
TeamCity | X-Frame-Options Header was missed in some cases (TW-72464) | Low | 2021.1.3 | CWE-693 | CVE-2021-43202 |
TeamCity | A newly created project could take settings from already deleted project (TW-72521) | Medium | 2021.1.3 | CWE-459 | CVE-2021-43201 |
TeamCity Cloud | Session takeover using open redirect in OAuth integration. Reported by Yurii Sanin (TCC-277) | High | Not applicable | CWE-601 | Not applicable |
YouTrack | Stored XSS (JT-63483) | Low | 2021.3.21051 | CWE-79 | CVE-2021-43184 |
YouTrack | Host header injection. Reported by Artem Ivanov (JT-65590) | Medium | 2021.3.23639 | CWE-601 | CVE-2021-43185 |
YouTrack | Stored XSS. Reported by Artem Ivanov (JT-65749) | High | 2021.3.24402 | CWE-79 | CVE-2021-43186 |
YouTrack InCloud | Unsafe EC2 configuration in YouTrack InCloud (JT-63693, JT-63695) | Low | Not applicable | CWE-16 | Not applicable |
YouTrack Mobile | Client-side caching on iOS (YTM-12961) | Low | 2021.2 | CWE-524 | CVE-2021-43187 |
YouTrack Mobile | Incomplete access tokens protection in iOS (YTM-12962, YTM-12965, YTM-12966) | Low | 2021.2 | CWE-311 | CVE-2021-43188 |
YouTrack Mobile | Incomplete access tokens protection in Android (YTM-12964) | Low | 2021.2 | CWE-311 | CVE-2021-43189 |
YouTrack Mobile | Task Hijacking in Android (YTM-12967) | Low | 2021.2 | CWE-287 | CVE-2021-43190 |
YouTrack Mobile | iOS URL Scheme hijacking (YTM-12968) | Low | 2021.2 | CWE-287 | CVE-2021-43192 |
YouTrack Mobile | Missing Security Screen on Android & iOS (YTM-12969) | Low | 2021.2 | CWE-287 | CVE-2021-43191 |
Datalore | Potential JWT token takeover using redirect misconfiguration. Reported by Yurii Sanin (DL-9225, JPF-11801) | High | 0.2.2 | CWE-601 | Not applicable |
Datalore | There was no way to drop all active sessions. Reported by Bharat (DL-9247) | High | 0.3.0 | CWE-613 | Not applicable |
Hub | Potentially insufficient CSP for Widget deployment feature (JPS-10736) | Low | 2021.1.13262 | CWE-1021 | CVE-2021-37540 |
Hub | Account takeover was possible during password reset. Reported by Viet Nguyen Quoc (JPS-10767) | High | 2021.1.13402 | CWE-601 | CVE-2021-36209 |
Hub | HTML injection in the password reset email was possible. Reported by Bharat (JPS-10797) | Medium | 2021.1.13402 | CWE-79 | CVE-2021-37541 |
JetBrains Account | OTP could be used several times after the successful validation (JPF-11119) | Low | 2021.04 | CWE-358 | Not applicable |
JetBrains Account | Potential account takeover via OAuth integration. Reported by Bharat (JPF-11802) | High | 2021.06 | CWE-918 | Not applicable |
JetBrains Website | Reflected XSS on jetbrains.com. Reported by Vasu Solanki (JS-14004) | Low | Not applicable | CWE-79 | Not applicable |
RubyMine | Code execution without user confirmation was possible for untrusted projects (RUBY-27702) | Medium | 2021.1.1 | CWE-345 | CVE-2021-37543 |
Space | Deprecated organization-wide package repositories were publicly visible (SPACE-14151) | High | Not applicable | CWE-284 | Not applicable |
TeamCity | Potential XSS (TW-61688) | High | 2020.2.3 | CWE-79 | CVE-2021-37542 |
TeamCity | Insecure deserialization (TW-70057, TW-70080) | High | 2020.2.4 | CWE-502 | CVE-2021-37544 |
TeamCity | Insufficient authentication checks for agent requests (TW-70166) | High | 2021.1.1 | CWE-287 | CVE-2021-37545 |
TeamCity | Insecure key generation for encrypted properties (TW-70201) | Low | 2021.1 | CWE-335 | CVE-2021-37546 |
TeamCity | Insufficient checks during file uploading (TW-70546) | Medium | 2020.2.4 | CWE-434 | CVE-2021-37547 |
TeamCity | Passwords in plain text sometimes could be stored in VCS (TW-71008) | Medium | 2021.1 | CWE-540 | CVE-2021-37548 |
YouTrack | Insufficient sandboxing in workflows (JT-63222, JT-63254) | Critical | 2021.1.11111 | CWE-648 | CVE-2021-37549 |
YouTrack | Time-unsafe comparisons were used (JT-63697) | Low | 2021.2.16363 | CWE-208 | CVE-2021-37550 |
YouTrack | System user passwords were hashed with SHA-256 (JT-63698) | Low | 2021.2.16363 | CWE-916 | CVE-2021-37551 |
YouTrack | Insecure PRNG was used (JT-63699) | Low | 2021.2.16363 | CWE-338 | CVE-2021-37553 |
YouTrack | Stored XSS (JT-64564) | Medium | 2021.2.17925 | CWE-79 | CVE-2021-37552 |
YouTrack | User could see boards without having corresponding permissions (JT-64634) | Low | 2021.3.21051 | CWE-284 | CVE-2021-37554 |
YouTrack InCloud | Reflected XSS on konnector service in Firefox (JT-63702) | Low | Not applicable | CWE-79 | Not applicable |
Code With Me | Client could execute code in read-only mode (CWM-1235) | Medium | Compatible IDEs 2021.1 version | CWE-285 | CVE-2021-31899 |
Code With Me | Client could open browser on host (CWM-1769) | Low | Compatible IDEs 2021.1 version | CWE-285 | CVE-2021-31900 |
Exception Analyzer | No throttling at Exception Analyzer login page. Reported by Ashhad Ali (EXA-760) | Low | Not applicable | CWE-799 | Not applicable |
Hub | Two-factor authentication wasn't enabled properly for "All Users" group (JPS-10694) | Low | 2021.1.13079 | CWE-304 | CVE-2021-31901 |
IntelliJ IDEA | XXE in License server functionality (IDEA-260143) | High | 2020.3.3 | CWE-611 | CVE-2021-30006 |
IntelliJ IDEA | Code execution without user confirmation was possible for untrusted projects (IDEA-260911, IDEA-260912, IDEA-260913, IDEA-261846, IDEA-261851, IDEA-262917, IDEA-263981, IDEA-264782) | Medium | 2020.3.3 | CWE-345 | CVE-2021-29263 |
IntelliJ IDEA | Possible DoS. Reported by Arun Malik (IDEA-261832) | Medium | 2021.1 | CWE-770 | CVE-2021-30504 |
JetBrains Academy | Potential takeover of a future account with a known email. Reported by Vansh Devgan (JBA-110) | Low | Not applicable | CWE-285 | Not applicable |
JetBrains Account | Sensitive account URLs were shared with third parties. Reported by Vikram Naidu (JPF-11338) | High | 2021.02 | CWE-201 | Not applicable |
JetBrains Website | Reflected XSS at blog.jetbrains.com. Reported by Peter Af Geijerstam and Jai Kumar (JS-14554, JS-14562) | Low | Not applicable | CWE-79 | Not applicable |
PyCharm | Code execution without user confirmation was possible for untrusted projects. Reported by Tony Torralba (PY-41524) | Medium | 2020.3.4 | CWE-345 | CVE-2021-30005 |
Space | Insufficient CRLF sanitization in user input (SPACE-13955) | Low | Not applicable | CWE-93 | Not applicable |
TeamCity | Potential XSS on the test history page (TW-67710) | Medium | 2020.2.2 | CWE-79 | CVE-2021-31904 |
TeamCity | TeamCity IntelliJ Plugin DOS. Reported by Jonathan Leitschuh (TW-69070) | Low | 2020.2.2 | CWE-770 | CVE-2021-26310 |
TeamCity | Local information disclosure via temporary file in TeamCity IntelliJ Plugin. Reported by Jonathan Leitschuh (TW-69420) | Low | 2020.2.2 | CWE-378 | CVE-2021-26309 |
TeamCity | Insufficient audit when an administrator uploads a file (TW-69511) | Low | 2020.2.2 | CWE-778 | CVE-2021-31906 |
TeamCity | Improper permission checks for changing TeamCity plugins (TW-69521) | Low | 2020.2.2 | CWE-732 | CVE-2021-31907 |
TeamCity | Potential XSS on the test page. Reported by Stephen Patches (TW-69737) | Low | 2020.2.2 | CWE-79 | CVE-2021-3315 |
TeamCity | Argument Injection leading to RCE (TW-70054) | High | 2020.2.3 | CWE-78 | CVE-2021-31909 |
TeamCity | Stored XSS on several pages (TW-70078, TW-70348) | Medium | 2020.2.3 | CWE-79 | CVE-2021-31908 |
TeamCity | Information disclosure via SSRF (TW-70079) | High | 2020.2.3 | CWE-918 | CVE-2021-31910 |
TeamCity | Reflected XSS on several pages (TW-70093, TW-70094, TW-70095, TW-70096, TW-70137) | Medium | 2020.2.3 | CWE-79 | CVE-2021-31911 |
TeamCity | Potential account takeover during password reset (TW-70303) | Medium | 2020.2.3 | CWE-640 | CVE-2021-31912 |
TeamCity | Insufficient checks of the redirect_uri during GitHub SSO token exchange (TW-70358) | Low | 2020.2.3 | CWE-601 | CVE-2021-31913 |
TeamCity | Arbitrary code execution on TeamCity Server running on Windows. Reported by Chris Moore (TW-70512) | High | 2020.2.4 | CWE-829 | CVE-2021-31914 |
TeamCity | Command injection leading to RCE. Reported by Chris Moore (TW-70541) | High | 2020.2.4 | CWE-78 | CVE-2021-31915 |
TeamCity Cloud | Potential information disclosure via EC2 instance metadata (TCC-174, TCC-176) | Low | Not applicable | CWE-1230 | Not applicable |
TeamCity Cloud | Temporary credentials disclosure via command injection. Reported by Chris Moore (TCC-196) | High | Not applicable | CWE-78 | Not applicable |
UpSource | Application passwords were not revoked correctly. Reported by Thibaut Zonca (UP-10843) | High | 2020.1.1883 | CWE-459 | CVE-2021-30482 |
WebStorm | HTTP requests were used instead of HTTPS (WEB-49549) | Low | 2021.1 | CWE-295 | CVE-2021-31898 |
WebStorm | Code execution without user confirmation was possible for untrusted projects (WEB-49689, WEB-49902) | Low | 2021.1 | CWE-345 | CVE-2021-31897 |
YouTrack | Stored XSS via attached file. Reported by Mikhail Klyuchnikov (JT-62530) | Medium | 2020.6.6441 | CWE-79 | CVE-2021-27733 |
YouTrack | Pull request title was sanitized insufficiently (JT-62556) | Medium | 2021.1.9819 | CWE-79 | CVE-2021-31903 |
YouTrack | Improper access control during exporting issues (JT-62649) | High | 2020.6.6600 | CWE-284 | CVE-2021-31902 |
YouTrack | Information disclosure in issue preview (JT-62919) | High | 2020.6.8801 | CWE-200 | CVE-2021-31905 |
Code With Me | An attacker in the local network knowing session id could get access to the encrypted traffic. Reported by Grigorii Liullin (CWM-1067) | Low | 2020.3 | Not applicable | CVE-2021-25755 |
Datalore | Server components versions were disclosed (DL-8327, DL-8335) | Low | 0.0.1 | CWE-200 | Not applicable |
Exception Analyzer | Information disclosure via Exceptions Analyzer (SDP-1248) | Low | Not applicable | CWE-200 | Not applicable |
Hub | Open-redirect was possible. Reported by Mohammed Amine El Attar (JPS-10348) | Medium | 2020.1.12629 | Not applicable | CVE-2021-25757 |
Hub | Authorized user can delete 2FA settings of any other user (JPS-10410) | Medium | 2020.1.12629 | Not applicable | CVE-2021-25759 |
Hub | Information disclosure via public API (JPS-10481) | Low | 2020.1.12669 | Not applicable | CVE-2021-25760 |
IntelliJ IDEA | HTTP links were used for several remote repositories (IDEA-228726) | Low | 2020.2 | Not applicable | CVE-2021-25756 |
IntelliJ IDEA | Potentially insecure deserialization of the workspace model (IDEA-253582) | Low | 2020.3 | Not applicable | CVE-2021-25758 |
JetBrains Account | Authorization token was sent as a query parameter within Zendesk integration (JPF-10508) | Low | 2020.11 | CWE-598 | Not applicable |
JetBrains Account | Open-redirect was possible (JPF-10660) | Low | 2020.10 | CWE-601 | Not applicable |
JetBrains Website | Cross-origin resource sharing was possible. Reported by Ashhad Ali (SDP-1193) | Low | Not applicable | CWE-942 | Not applicable |
JetBrains Website | Throttling was not used for the particular endpoint. Reported by Ashhad Ali (SDP-1197) | Low | Not applicable | CWE-799 | Not applicable |
JetBrains Website | Clickjacking was possible. Reported by Ashhad Ali (SDP-1203) | Low | Not applicable | CWE-1021 | Not applicable |
Kotlin | Vulnerable Java API was used for temporary files and folders creation, which could make temporary files available for other users of a system. Reported by Jonathan Leitschuh (KT-42181) | Low | 1.4.21 | Not applicable | CVE-2020-29582 |
Ktor | Birthday attack on SessionStorage key was possible. Reported by Kenta Koyama (KTOR-878) | Low | 1.5.0 | Not applicable | CVE-2021-25761 |
Ktor | Weak cipher suites were enabled by default. Reported by Johannes Ulfkjær Jensen (KTOR-895) | Low | 1.4.2 | Not applicable | CVE-2021-25763 |
Ktor | HTTP Request Smuggling was possible. Reported by ZeddYu Lu, Kaiwen Shen, Yaru Yang (KTOR-1116) | Low | 1.4.3 | Not applicable | CVE-2021-25762 |
PhpStorm | Source code could be added to debug logs (WI-54619) | Low | 2020.3 | Not applicable | CVE-2021-25764 |
Space | Potential information disclosure via logs (SPACE-9343, SPACE-10969) | Low | Not applicable | CWE-532 | Not applicable |
Space | An attacker could obtain limited information via SSRF in repository mirroring test connection (SPACE-9514) | High | Not applicable | CWE-918 | Not applicable |
Space | Content-Type header wasn't set for some pages (SPACE-12004) | Low | Not applicable | CWE-531 | Not applicable |
Space | REST API endpoint was available without appropriate permissions check, which could introduce a potential DOS vector (no real exploit available). (SPACE-12288) | Low | Not applicable | CWE-732 | Not applicable |
TeamCity | Reflected XSS on several pages (TW-67424, TW-68098) | Medium | 2020.2 | Not applicable | CVE-2021-25773 |
TeamCity | TeamCity server DoS was possible via server integration (TW-68406, TW-68780) | Low | 2020.2.2 | Not applicable | CVE-2021-25772 |
TeamCity | ECR token exposure in the build's parameters (TW-68515) | Medium | 2020.2 | Not applicable | CVE-2021-25776 |
TeamCity | User could get access to GitHub access token of another user (TW-68646) | Low | 2020.2.1 | Not applicable | CVE-2021-25774 |
TeamCity | Server admin could create and see access tokens for any other users (TW-68862) | Low | 2020.2.1 | Not applicable | CVE-2021-25775 |
TeamCity | Improper permissions checks during user deletion (TW-68864) | Low | 2020.2.1 | Not applicable | CVE-2021-25778 |
TeamCity | Improper permissions checks during tokens removal (TW-68871) | Low | 2020.2.1 | Not applicable | CVE-2021-25777 |
TeamCity | TeamCity Plugin SSRF. Vulnerability that could potentially expose user credentials. Reported by Jonathan Leitschuh (TW-69068) | High | 2020.2.85695 | Not applicable | CVE-2020-35667 |
YouTrack | CSRF via attachment upload. Reported by Yurii Sanin (JT-58157) | Medium | 2020.4.4701 | Not applicable | CVE-2021-25765 |
YouTrack | Users enumeration via REST API without appropriate permissions (JT-59396, JT-59498) | Low | 2020.4.4701 | Not applicable | CVE-2020-25208 |
YouTrack | Improper resource access checks (JT-59397) | Low | 2020.4.4701 | Not applicable | CVE-2021-25766 |
YouTrack | Issue's existence disclosure via the YouTrack command execution (JT-59663) | Low | 2020.6.1767 | Not applicable | CVE-2021-25767 |
YouTrack | Improper permissions checks for the attachments actions (JT-59900) | Low | 2020.4.4701 | Not applicable | CVE-2021-25768 |
YouTrack | YouTrack admin wasn't able to access attachments (JT-60824) | Low | 2020.4.6808 | Not applicable | CVE-2021-25769 |
YouTrack | Server-side template injection in the YouTrack Cloud. Reported by Vasily Vasilkov (JT-61449) | High | 2020.5.3123 | Not applicable | CVE-2021-25770 |
YouTrack | Project information disclosure (JT-61566) | Low | 2020.6.1099 | Not applicable | CVE-2021-25771 |
IdeaVim | In limited circumstances, IdeaVim might have caused information leak (VIM-2019) | High | 0.58 | Not applicable | CVE-2020-27623 |
IntelliJ IDEA | Built-in web server could expose information about IDE version (IDEA-240567) | Low | 2020.2 | Not applicable | CVE-2020-27622 |
JetBrains Account | Improper rate limit. Reported by Ashhad Ali (JPF-11026) | Low | 2020.09 | CWE-799 | Not applicable |
JetBrains Account | Password reset token might be disclosed to a third party. Reported by Sheikh Rishad (JPF-11034) | Low | 2020.10 | CWE-201 | Not applicable |
JetBrains Marketplace | Blind SSRF. Reported by Yurii Sanin (MP-3119) | High | Not applicable | CWE-918 | Not applicable |
JetBrains Website | Reflected XSS. Reported by Peter af Geijerstam (JS-13032) | Medium | Not applicable | CWE-79 | Not applicable |
JetBrains Website | HTML injection was possible on several pages (JS-13041) | Medium | Not applicable | CWE-79 | Not applicable |
JetBrains Website | Clickjacking was possible on several pages (JS-13042) | Low | Not applicable | CWE-1021 | Not applicable |
JetBrains Website | SSRF on the website. Reported by Mohamed Lahraoui (SDP-1174) | Low | Not applicable | CWE-918 | Not applicable |
Ktor | HTTP request smuggling was possible. Reported by ZeddYu Lu and Kaiwen Shen (KTOR-841) | Medium | 1.4.1 | Not applicable | CVE-2020-26129 |
Space | Unauthorized access to environment variables containing private data (SPACE-10723) | Medium | Not applicable | CWE-532 | Not applicable |
TeamCity | URL injection was possible (TW-44171) | Low | 2020.1.2 | Not applicable | CVE-2020-27627 |
TeamCity | Guest user had access to audit records (TW-67750) | Medium | 2020.1.5 | Not applicable | CVE-2020-27628 |
TeamCity | Secure dependency parameters could be not masked in depending builds when there are no internal artifacts (TW-67775) | High | 2020.1.5 | Not applicable | CVE-2020-27629 |
Toolbox App | Limited RCE via jetbrains protocol handler. Reported by Jeffrey van Gogh and Yuriy Solodkyy (SDP-1177) | Low | 1.18 | Not applicable | CVE-2020-25207 |
Toolbox App | Denial of service via jetbrains protocol handler (TBX-5281) | Low | 1.18.7455 | Not applicable | CVE-2020-25013 |
YouTrack | Blind SSRF. Reported by Yurii Sanin (JT-58015) | Low | 2020.3.888 | Not applicable | CVE-2020-27624 |
YouTrack | Notifications might have mentioned inaccessible issues (JT-58329) | Low | 2020.3.888 | Not applicable | CVE-2020-27625 |
YouTrack | SSRF in YouTrack InCloud. Reported by Yurii Sanin (JT-58962) | Medium | 2020.3.5333 | Not applicable | CVE-2020-27626 |
YouTrack | Improper access control allowed retrieving issue description without appropriate access. Reported by Yurii Sanin (JT-59015) | Critical | 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.3.65516, 2019.2.65515, 2019.1.65514 | Not applicable | CVE-2020-24618 |
YouTrack | Improper access control for some subresources leads to information disclosure. Reported by Yurii Sanin (JT-59130) | Medium | 2020.3.6638 | Not applicable | CVE-2020-25209 |
YouTrack | An attacker could access workflow rules without appropriate access grants (JT-59474) | High | 2020.3.7955 | Not applicable | CVE-2020-25210 |
YouTrack Mobile | Information disclosure via application backups. Reported by Cristi Vlad (YTM-5518) | Low | 2020.2.0 | Not applicable | CVE-2020-24366 |
Datalore | Stack trace disclosure. (DL-7350) | Low | 0.0.1 | CWE-536 | Not applicable |
Datalore | Reverse tabnabbing was possible. (DL-7708) | Low | 0.0.1 | CWE-1022 | Not applicable |
JetBrains Account | Missed throttling for reset password functionality in case of 2FA enabled. Reported by Manu Pranav. (JPF-10527) | Medium | 2020.06 | CWE-799 | Not applicable |
JetBrains Website | Stack trace disclosure in case of incorrect character in request. (JS-12490) | Low | Not applicable | CWE-536 | Not applicable |
JetBrains Website | Reflected XSS on jetbrains.com subdomain. Reported by Ritik Chaddha. (JS-12562) | Low | Not applicable | CWE-79 | Not applicable |
JetBrains Website | Open-redirect issues on kotlinconf.com. Reported by Ritik Chaddha. (JS-12581) | Low | Not applicable | CWE-601 | Not applicable |
JetBrains Website | Clickjacking was possible at a non-existent page. Reported by Pravas Ranjan Kanungo. (JS-12835) | Low | Not applicable | CWE-1021 | Not applicable |
Kotlin | Script cache privilege escalation vulnerability. Reported by Henrik Tunedal. (KT-38222) | Medium | 1.4.0 | Not applicable | CVE-2020-15824 |
Space | Draft title was disclosed to a user without access to the draft. (SPACE-5594) | Low | Not applicable | CWE-200 | Not applicable |
Space | Missing authorisation check caused privilege escalation. Reported by Callum Carney. (SPACE-8034) | High | Not applicable | CWE-266 | Not applicable |
Space | Blind SSRF via calendar import. Reported by Yurii Sanin. (SPACE-8273) | Medium | Not applicable | CWE-918 | Not applicable |
Space | The drafts of the direct messages sent from iOS app could be sent to the channel. (SPACE-8377) | Low | Not applicable | CWE-200 | Not applicable |
Space | Chat messages are propagated to the browser console. (SPACE-8386) | High | Not applicable | CWE-215 | Not applicable |
Space | Missed authentication checks in Space Automation. (SPACE-8431) | Critical | Not applicable | CWE-306 | Not applicable |
Space | Missed authentication checks in Job related API. (SPACE-8822) | Low | Not applicable | CWE-306 | Not applicable |
Space | Incorrect checks of public key content. (SPACE-9169) | Medium | Not applicable | CWE-287 | Not applicable |
Space | Stored XSS via repository resource. (SPACE-9277) | High | Not applicable | CWE-79 | Not applicable |
TeamCity | Users were able to assign more permissions than they had. (TW-36158) | Low | 2020.1 | Not applicable | CVE-2020-15826 |
TeamCity | Users with "Modify group" permission can elevate other users privileges. (TW-58858) | Medium | 2020.1 | Not applicable | CVE-2020-15825 |
TeamCity | Password parameters could be disclosed via build logs. (TW-64484) | Low | 2019.2.3 | Not applicable | CVE-2020-15829 |
TeamCity | Project parameter values could be retrieved by a user without appropriate permissions. (TW-64587) | High | 2020.1.1 | Not applicable | CVE-2020-15828 |
TeamCity | Reflected XSS on administration UI. (TW-64668) | High | 2019.2.3 | Not applicable | CVE-2020-15831 |
TeamCity | Stored XSS on administration UI. (TW-64699) | High | 2019.2.3 | Not applicable | CVE-2020-15830 |
Toolbox App | Missed signature on "jetbrains-toolbox.exe". (TBX-4671) | Low | 1.17.6856 | Not applicable | CVE-2020-15827 |
UpSource | Unauthorised access was possible through error in accounts linking. (SDP-940) | Low | 2020.1 | Not applicable | CVE-2019-19704 |
YouTrack | Subtasks workflow could disclose issue existence. (JT-45316) | Low | 2020.2.8527 | Not applicable | CVE-2020-15818 |
YouTrack | An external user could execute commands against arbitrary issues. (JT-56848) | High | 2020.1.1331 | Not applicable | CVE-2020-15817 |
YouTrack | SSRF vulnerability that allowed scanning internal ports. Reported by Evren Yalçın. (JT-56917) | Low | 2020.2.10643 | Not applicable | CVE-2020-15819 |
YouTrack | Markdown parser could disclose hidden file existence. (JT-57235) | Low | 2020.2.6881 | Not applicable | CVE-2020-15820 |
YouTrack | A user without permission was able to create articles draft. (JT-57649) | Medium | 2020.2.6881 | Not applicable | CVE-2020-15821 |
YouTrack | AWS metadata of YouTrack InCloud instance disclosure via SSRF in Workflow. Reported by Yurii Sanin. (JT-57964) | High | 2020.2.8873 | Not applicable | CVE-2020-15823 |
YouTrack | SSRF was possible due to the fact that URL filtering could be escaped. Reported by Yurii Sanin. (JT-58204) | Low | 2020.2.10514 | Not applicable | CVE-2020-15822 |
YouTrack InCloud | Possibility to change redirect from any existing YouTrack InCloud instance to other instance. (JT-57036) | Medium | 2020.1.3588 | CWE-601 | Not applicable |
Datalore | User's SSH key can be deleted without appropriate permissions. Reported by Callum Carney (DL-7833) | Medium | 0.0.1 | CWE-639 | Not applicable |
Datalore | SSRF could be caused by an attached file. Reported by Callum Carney (DL-7836) | High | 0.0.1 | CWE-918 | Not applicable |
GoLand | Plain HTTP was used to access plugin repository (GO-8694) | Low | 2019.3.2 | Not applicable | CVE-2020-11685 |
Hub | Content spoofing at Hub OAuth error message was possible (JPS-10093) | Medium | 2020.1.12099 | Not applicable | CVE-2020-11691 |
IntelliJ IDEA | License server could be resolved to untrusted host in some cases (IDEA-219748) | High | 2020.1 | Not applicable | CVE-2020-11690 |
JetBrains Account | Non-unique QR codes were generated during consequentattempts to setup 2FA (JPF-10149) | Low | 2020.01 | CWE-342 | Not applicable |
JetBrains Account | Clickjacking was possible on a JetBrains Account page. Reported by Raja Ahtisham (JPF-10154) | Medium | 2020.01 | CWE-1021 | Not applicable |
JetBrains Account | Customer name enumeration by numeric customer ID was possible (JPF-10159, JPF-10301) | High | 2020.03 | CWE-200 | Not applicable |
JetBrains Account | Country value coming from a user wasn't correctly validated (JPF-10258) | High | 2020.02 | CWE-285 | Not applicable |
JetBrains Account | Information disclosure from JetBrains Account was possible via "Back" button. Reported by Ratnadip Gajbhiye (JPF-10266) | Low | 2020.02 | CWE-200 | Not applicable |
JetBrains Marketplace | Uploading malicious file via Screenshots form could cause XSS (MP-2637) | Medium | Not applicable | CWE-79 | Not applicable |
JetBrains Website | Reflected XSS at jetbrains.com was possible. Reported by Rahad Chowdhury (JS-11769) | High | Not applicable | CWE-79 | Not applicable |
PyCharm | Apple Notarization Service credentials were included to PyCharm distributive for Windows reported by Ruby Nealon (IDEA-232217) | High | 2019.3.3, 2019.2.6 | Not applicable | CVE-2020-11694 |
Space | Session timeout period was configured improperly (SPACE-4717) | Low | Not applicable | Not applicable | CVE-2020-11795 |
Space | Stored XSS in Space chats was possible. Reported by Callum Carney (SPACE-6556) | Medium | Not applicable | Not applicable | CVE-2020-11416 |
Space | Password authentication implementation was insecure (SPACE-7282) | High | Not applicable | Not applicable | CVE-2020-11796 |
TeamCity | Passwords values were shown not being masked on several pages (TW-64186) | Low | 2019.2.2 | Not applicable | CVE-2020-11687 |
TeamCity | Project administrator was able to see scrambled password parameters used in a project (TW-58099) | Medium | 2019.2.2 | Not applicable | CVE-2020-11938 |
TeamCity | Project administrator was able to retrieve some TeamCity server settings (TW-61626) | Low | 2019.1.4 | Not applicable | CVE-2020-11686 |
TeamCity | Application state kept alive after a user ends his session (TW-61824) | Low | 2019.2.1 | Not applicable | CVE-2020-11688 |
TeamCity | A user without appropriate permissions was able import settings from settings.kts (TW-63698) | Low | 2019.2.1 | Not applicable | CVE-2020-11689 |
YouTrack | DB export was accessible to read-only administrators (JT-56001) | Low | 2020.1.659 | Not applicable | CVE-2020-11692 |
YouTrack | DoS could be performed by attaching malformed TIFF to an issue. Reported by Chris Smith (JT-56407) | High | 2020.1.659 | Not applicable | CVE-2020-11693 |
IDETalk plugin | XXE in IDETalk plugin. (IDEA-220136 reported by Srikanth Ramu) | Medium | 193.4099.10 | Not applicable | CVE-2019-18412 |
IntelliJ IDEA | Some Maven repositories are accessed via HTTP instead of HTTPs. (IDEA-216282) | High | 2019.3 | Not applicable | CVE-2020-7904 |
IntelliJ IDEA | Ports listened to by IntelliJ IDEA are exposed to the network. (IDEA-219695) | Low | 2019.3 | Not applicable | CVE-2020-7905 |
IntelliJ IDEA | XSLT debugger plugin misconfiguration allows arbitrary file read over network. (IDEA-216621 reported by Anatoly Korniltsev) | Medium | 2019.3 | Not applicable | CVE-2020-7914 |
JetBrains Account | Profile names are exposed by email. (JPF-9219 reported by Timon Birk) | Low | 2019.11 | CWE-200 | Not applicable |
JetBrains Account | Missing secure flag for cookie. (JPF-9857) | Low | 2019.11 | CWE-614 | Not applicable |
JetBrains Account | Insufficient authentication on contact view. (JPF-10024) | High | 2019.11 | CWE-287 | Not applicable |
JetBrains Account | Insufficient authentication on role update. (JPF-10025) | High | 2019.11 | CWE-287 | Not applicable |
JetBrains Account | XSS on the spending report page. (JPF-10027) | Medium | 2019.12 | CWE-79 | Not applicable |
JetBrains Account | Open redirect during re-acceptance of license agreements. (JPF-10028) | Low | 2019.11 | CWE-601 | Not applicable |
JetBrains Account | Information exposure during processing of license requests. (JPF-10111) | High | 2019.12 | CWE-200 | Not applicable |
JetBrains Marketplace | XSS on several pages. (MP-2617, MP-2640, MP-2642) | Low | Not applicable | CWE-79 | Not applicable |
JetBrains Marketplace | Improper access control during plugins upload. (MP-2695) | Critical | Not applicable | CWE-284 | Not applicable |
JetBrains Website | Cookie XSS at jetbrains.com. (JS-10969) | High | Not applicable | CWE-79 | Not applicable |
Ktor | The Ktor framework is vulnerable to HTTP Response Splitting. Reported by Jonathan Leitschuh | High | 1.2.6 | Not applicable | CVE-2019-19389 |
Ktor | The Ktor client resends authorization data to a redirect location. Reported by Jonathan Leitschuh | Low | 1.2.6 | Not applicable | CVE-2019-19703 |
Ktor | Request smuggling is possible when both chunked Transfer-Encoding and Content-Length are specified. Reported by Jonathan Leitschuh | Low | 1.3.0 | Not applicable | CVE-2020-5207 |
Rider | Unsigned binaries in Windows installer. (RIDER-30393) | Medium | 2019.3 | Not applicable | CVE-2020-7906 |
Scala plugin | Artifact dependencies were resolved over unencrypted connections. (SCL-15063) | High | 2019.2.1 | Not applicable | CVE-2020-7907 |
TeamCity | Reverse Tabnabbing is possible on several pages. (TW-61710, TW-61726, TW-61727) | Low | 2019.1.5 | Not applicable | CVE-2020-7908 |
TeamCity | Some server-stored passwords can be shown via web UI. (TW-62674) | High | 2019.1.5 | Not applicable | CVE-2020-7909 |
TeamCity | Possible stored XSS attack by a user with a developer role. (TW-63298) | Medium | 2019.2 | Not applicable | CVE-2020-7910 |
TeamCity | Stored XSS on user-level pages. (TW-63160) | High | 2019.2 | Not applicable | CVE-2020-7911 |
YouTrack | CORS misconfiguration on youtrack.jetbrains.com. (JT-53675) | Medium | Not applicable | CWE-346 | Not applicable |
YouTrack | SMTP/Jabber settings can be accessed using backups. (JT-54139) | Medium | 2019.2.59309 | Not applicable | CVE-2020-7912 |
YouTrack | XSS via image upload at youtrack-workflow-converter.jetbrains.com. (JT-54589) | Low | Not applicable | CWE-80 | Not applicable |
YouTrack | XSS via issue description. (JT-54719) | High | 2019.2.59309 | Not applicable | CVE-2020-7913 |
Hub | Username enumeration was possible through password recovery. JPS-9655, JPS-9938 | Low | 2019.1.11738 | Not applicable | CVE-2019-18360 |
IntelliJ IDEA | Local user privilege escalation potentially allowed arbitrary code execution. IDEA-216623 | Low | 2019.2 | Not applicable | CVE-2019-18361 |
JetBrains Account | Account removal without re-authentication was possible. JPF-9611 reported by Siamul Islam. | Medium | 2019.9 | CWE-306 | Not applicable |
JetBrains Account | Password reset link was not invalidated during password change through profile. JPF-9610 reported by Elliot V. Daniel. | Medium | 2019.8 | CWE-613 | Not applicable |
MPS | Ports listened to by MPS are exposed to the network. MPS-30661 | Low | 2019.2.2 | Not applicable | CVE-2019-18362 |
TeamCity | Access could be gained to the history of builds of a deleted build configuration under some circumstances. TW-60957 | Medium | 2019.1.2 | Not applicable | CVE-2019-18363 |
TeamCity | Insecure Java Deserialization could potentially allow RCE. TW-61928 reported by Aleksei "GreenDog" Tiurin. | Medium | 2019.1.4 | Not applicable | CVE-2019-18364 |
TeamCity | Reverse tabnabbing was possible on several pages. TW-61323, TW-61725,TW-61726, TW-61646,TW-62123 | Low | 2019.1.4 | Not applicable | CVE-2019-18365 |
TeamCity | Secure values could be exposed to users with the ‘View build runtime parameters and data’ permission. | Low | 2019.1.2 | Not applicable | CVE-2019-18366 |
TeamCity | A non-destructive operation could be performed by a user without the corresponding permissions. TW-61107 | Low | 2019.1.2 | Not applicable | CVE-2019-18367 |
Toolbox App | Privilege escalation was possible in the JetBrains Toolbox App for Windows.TBX-3759 | Low | 1.15.5666 | Not applicable | CVE-2019-18368 |
YouTrack | Removing tags from issues list without corresponding permission was possible. JT-53465 | Low | 2019.2.55152 | Not applicable | CVE-2019-18369 |
YouTrack InCloud | Sending of arbitrary spam email from a Youtrack instance was possible. JT-54136, ADM-13823, ADM-34971 | Low | Not applicable | CWE-285 | Not applicable |
Exception Analyzer | Insecure transfer of JetBrains Account credentials. EXA-652 | Critical | Not applicable | CWE-598 | Not applicable |
Hub | No way to set a password to expire automatically. JPS-8816 | Low | 2018.4.11436 | Not applicable | CVE-2019-14955 |
IdeaVim | Project data appeared in user level settings. VIM-1184 | Medium | 0.52 | Not applicable | CVE-2019-14957 |
IntelliJ IDEA | Resolving artifacts using an http connection, potentially allowing an MITM attack. IDEA-211231 | High | 2019.2 | Not applicable | CVE-2019-14954 |
JetBrains Account | Authorized account enumeration. JPF-9370 | Low | 2019.5 | CWE-204 | Not applicable |
JetBrains Account | Cross-origin resource sharing misconfiguration (Reported by Vishnu Vardhan). JPF-9095 | Low | 2019.5 | CWE-942 | Not applicable |
JetBrains Account | No rate limitation on the account details page. JPF-9704 | Medium | 2019.8 | CWE-770 | Not applicable |
JetBrains Account | No rate limitation on the licenses page. JPF-9713 | High | 2019.9 | CWE-770 | Not applicable |
JetBrains Account | Unauthorized disclosure of license email on the licenses page. JPF-9692 | Critical | 2019.8 | CWE-284 | Not applicable |
JetBrains Website | Reflected XSS. JS-9853 | Medium | Not applicable | CWE-79 | Not applicable |
Ktor | Command injection through LDAP username. | Medium | 1.2.0-rc, 1.2.0 | Not applicable | CVE-2019-12736 |
Ktor | Predictable Salt for user credentials. | Medium | 1.2.0-rc2, 1.2.0 | Not applicable | CVE-2019-12737 |
PyCharm | Remote call causing an “out of memory” error was possible. PY-35251 | Low | 2019.2 | Not applicable | CVE-2019-14958 |
ReSharper | DLL hijacking vulnerability. RSRP-473674 | High | 2019.2 | Not applicable | CVE-2019-16407 |
Rider | Unsigned DLL was used in a distributive. RIDER-27708 | Medium | 2019.1.2 | Not applicable | CVE-2019-14960 |
TeamCity | Previously used unencrypted passwords were suggested by a web browser’s auto-completion. TW-59759 | Low | 2019.1 | CWE-200 | Not applicable |
TeamCity | VMWare plugin did not check SSL certificate. TW-59562 | Medium | 2019.1 | Not applicable | CVE-2019-15042 |
TeamCity | Remote Code Execution on the server with certain network configurations. TW-60430 | Medium | 2019.1 | Not applicable | CVE-2019-15039 |
TeamCity | Project administrator could get unauthorized access to server-level data. TW-60220 | High | 2019.1 | Not applicable | CVE-2019-15035 |
TeamCity | Project administrator could execute any command on the server machine. TW-60219 | High | 2019.1 | Not applicable | CVE-2019-15036 |
TeamCity | Security has been tightened thanks to using additional HTTP headers. TW-59034 | High | 2019.1 | Not applicable | CVE-2019-15038 |
TeamCity | Possible XSS vulnerabilities on the settings pages. TW-59870, TW-59852, TW-59817, TW-59838, TW-59816 | High | 2019.1 | Not applicable | CVE-2019-15037 |
TeamCity | XSS vulnerability. TW-61242, TW-61315 | High | 2019.1.2 | Not applicable | CVE-2019-15848 |
Toolbox App | Unencrypted connection to external resources, potentially allowed an MITM attack. TBX-3327, ADM-30275 | Low | 1.15.5605 | CWE-311 | CVE-2019-14959 |
UpSource | Insufficient escaping of code blocks. UP-10387 | Medium | 2019.1.1412 | Not applicable | CVE-2019-14961 |
UpSource | Credentials exposure via RPC command. UP-10344 | Critical | 2018.2.1290 | Not applicable | CVE-2019-12156 |
UpSource | Credentials exposure via RPC command. UP-10343 | Critical | 2018.2.1293 | Not applicable | CVE-2019-12157 |
YouTrack | A user could get a list of project names under certain conditions. JT-53162 | Low | 2019.2.53938 | Not applicable | CVE-2019-14956 |
YouTrack | Stored XSS via issue attachments. JT-51077 | High | 2019.2.53938 | Not applicable | CVE-2019-14953 |
YouTrack | Stored XSS on the issue page. JT-54121 | High | 2019.2.56594 | Not applicable | CVE-2019-16171 |
YouTrack | Stored XSS in the issues list. JT-52894 | High | 2019.1.52584 | Not applicable | CVE-2019-14952 |
YouTrack | A compromised URL was automatically whitelisted by YouTrack. JT-47653 | Low | 2019.1.52545 | Not applicable | CVE-2019-15041 |
YouTrack | Cross-Site Request Forgery. JT-30098 | Low | 2019.1 | Not applicable | CVE-2019-15040 |
CLion | The suggested WSL configuration exposed a local SSH server to the internal network. CPP-15063 | Medium | Not applicable | CWE-276 | Not applicable |
Hub | A user password could appear in the audit events for certain server settings. JPS-7895 | High | 2018.4.11298 | Not applicable | CVE-2019-12847 |
IntelliJ IDEA | The default configuration for Spring Boot apps was not secure. IDEA-204439 | High | 2018.3.4, 2019.1 | Not applicable | CVE-2019-9186 |
IntelliJ IDEA | The application server configuration allowed cleartext storage of secrets. IDEA-201519, IDEA-202483, IDEA-203271 | High | 2018.1.8, 2018.2.8, 2018.3.5, 2019.1 | Not applicable | CVE-2019-9872 |
IntelliJ IDEA | The implementation of storage in the KeePass database was not secure. IDEA-200066 | Low | 2018.3, 2019.1 | CWE-922 | Not applicable |
IntelliJ IDEA | A certain application server configuration allowed cleartext storage of secrets. IDEA-199911 | Low | 2018.3 | CWE-317 | Not applicable |
IntelliJ IDEA | A certain application server configuration allowed cleartext storage of secrets. IDEA-203613 | Medium | 2018.1.8, 2018.2.8, 2018.3.5 | Not applicable | CVE-2019-9823 |
IntelliJ IDEA | A certain remote server configurations allowed cleartext storage of secrets. IDEA-203272, IDEA-203260, IDEA-206556, IDEA-206557 | High | 2019.1 | Not applicable | CVE-2019-9873 |
IntelliJ IDEA | The run configuration of certain application servers allowed remote code execution while running the server with the default settings. IDEA-204570 | High | 2017.3.7, 2018.1.8, 2018.2.8, 2018.3.4 | Not applicable | CVE-2019-10104 |
JetBrains Account | An open redirect vulnerability via the backUrl parameter was detected. JPF-8899 | Medium | Not applicable | CWE-601 | Not applicable |
JetBrains Account | The host header injection vulnerability was detected at account.jetbrains.com. ADM-20535 | Medium | Not applicable | CWE-444 | Not applicable |
JetBrains Marketplace | Some HTTP Security Headers were missing. MP-2004 | Medium | Not applicable | CWE-693 | Not applicable |
JetBrains Marketplace | A reflected XSS was detected. MP-2001 | Medium | Not applicable | CWE-79 | Not applicable |
JetBrains Marketplace | A CSRF vulnerability was detected. MP-2002 | Medium | Not applicable | CWE-352 | Not applicable |
JetBrains Website | A reflected XSS was detected. JT-51074 | Low | Not applicable | CWE-79 | Not applicable |
Kotlin | The JetBrains Kotlin project was resolving artifacts using anhttp connection during the build process, potentially allowing an MITM attack. | Medium | 1.3.30 | Not applicable | CVE-2019-10101 |
Kotlin plugin for IntelliJ | IntelliJ IDEA projects created using the KotlinIDE template were resolving artifacts using an http connection, potentially allowing an MITM attack. | Medium | 1.3.30 | Not applicable | CVE-2019-10102 |
PyCharm | A certain remote server configuration allowed cleartext storage of secrets. PY-32885 | Medium | 2018.3.2 | CWE-209 | Not applicable |
TeamCity | A possible stored JavaScript injection was detected. TW-59419 | Medium | 2018.2.3 | Not applicable | CVE-2019-12844 |
TeamCity | The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. TW-59379 | Medium | 2018.2.3 | Not applicable | CVE-2019-12845 |
TeamCity | A possible stored JavaScript injection requiring a deliberate server administrator action was detected. TW-55640 | Medium | 2018.2.3 | Not applicable | CVE-2019-12843 |
TeamCity | Incorrect handling of user input in ZIP extraction. TW-57143 | Medium | 2018.2.2 | Not applicable | CVE-2019-12841 |
TeamCity | A reflected XSS on a user page was detected. TW-58661 | Medium | 2018.2.2 | Not applicable | CVE-2019-12842 |
TeamCity | A user without the required permissions could gain access to some settings. TW-58571 | Medium | 2018.2.2 | Not applicable | CVE-2019-12846 |
YouTrack | An SSRF attack was possible on a YouTrack server. JT-51121 | High | 2018.4.49168 | Not applicable | CVE-2019-12852 |
YouTrack | An Insecure Direct Object Reference was possible. JT-51103 | Low | 2018.4.49168 | Not applicable | CVE-2019-12866 |
YouTrack | Certain actions could cause privilege escalation for issue attachments. JT-51080 | Medium | 2018.4.49168 | Not applicable | CVE-2019-12867 |
YouTrack | A query injection was possible. JT-51105 | Low | 2018.4.49168 | Not applicable | CVE-2019-12850 |
YouTrack | A CSRF vulnerability was detected in one of admin endpoints. JT-51110 | Medium | 2018.4.49852 | Not applicable | CVE-2019-12851 |
YouTrack | The YouTrack Confluence plugin allowed the SSTI vulnerability. JT-51594 | Medium | 1.8.1.3 | Not applicable | CVE-2019-10100 |
YouTrack InCloud | An unauthorized disclosure of license details to an attacker #2 was possible. JT-51117 | Low | Not applicable | CWE-284 | Not applicable |
Hub | Admin account takeover of a system authorized with Hub was possible. JPS-9594 | Critical | 2018.3.11035 | Not applicable | Not applicable |
Hub | XXE was possible. JPS-9616, UP-10218 | High | 2018.4.11067 | Not applicable | Not applicable |
JetBrains Account | Disclosure of email address within unsuccessful login attempt. JPF-8663 | High | 4.11 | Not applicable | Not applicable |
TeamCity | Reflected XSS on user-level pages. TW-58065, TW-58234 | High | 2018.2 | Not applicable | Not applicable |
TeamCity | Stored XSS on the build details page. TW-58129, TW-58138 | High | 2018.2 | Not applicable | Not applicable |
TeamCity | Exposure of sensitive parameter value to a privileged user was possible. TW-56946 | Medium | 2018.1.3 | Not applicable | Not applicable |
UpSource | A privileged user had access to user credentials in rare case. UP-10092 | Medium | 2018.2.1141 | Not applicable | Not applicable |
YouTrack | Unauthorized access to project and user details with guest user banned was possible. JT-50970, JT-49827, JT-50611, JT-50203 | High | 2018.3.47010 | Not applicable | Not applicable |
YouTrack | Stored XSS on YouTrack issue page. JT-50201 | Low | 2018.3.47965 | Not applicable | Not applicable |
YouTrack InCloud | Unauthorized disclosure of YouTrack InCloud subscription information was possible. JPF-8714, JT-51001 | High | 2018.4.48293 | Not applicable | Not applicable |
YouTrack InCloud | Unauthorized access to the email address of YouTrack InCloud was possible. JT-50946 | High | 2018.4.48293 | Not applicable | Not applicable |
dotPeek | Remote Code Execution was possible while operating specific files. DOTP-7635 | High | 2018.1.4 | Not applicable | Not applicable |
Hub | Hub stored license information in log files. JPS-9187 | Low | 2018.2.10527 | Not applicable | Not applicable |
IntelliJ IDEA | Insecure connection used to access JetBrains resources. IDEA-187601, IDEA-192440 | Medium | 2018.1.5 | Not applicable | Not applicable |
IntelliJ IDEA | Incorrect handling of user input in ZIP extraction. IDEA-191679, IDEA-191680, IDEA-193358 | High | 2018.2 | Not applicable | Not applicable |
JetBrains Account | A few customer profiles were made available without authorization. JPF-8211 | Medium | Not applicable | Not applicable | Not applicable |
JetBrains Account | It was possible to obtain customer business email from order reference. JPF-7903 | Medium | Not applicable | Not applicable | Not applicable |
JetBrains Marketplace | XXE vulnerability. MP-1708 | Low | Not applicable | Not applicable | Not applicable |
JetBrains Marketplace | Incorrect handling of user input in ZIP extraction. MP-1678 | Medium | Not applicable | Not applicable | Not applicable |
ReSharper | Incorrect handling of user input in ZIP extraction. RSRP-470115 | High | 2018.1.3 | Not applicable | Not applicable |
TeamCity | CSRF vulnerability. TW-55992 | Medium | 2018.1.1 | Not applicable | Not applicable |
TeamCity | Change of project settings can corrupt settings of other projects. TW-55704 | Low | 2018.1.1 | Not applicable | Not applicable |
TeamCity | Possible privilege escalation while viewing agent details. TW-56025 | Medium | 2018.1.1 | Not applicable | Not applicable |
TeamCity | Possible unvalidated redirect. TW-56085 | Medium | 2018.1.2 | Not applicable | Not applicable |
TeamCity | Reflected XSS vulnerabilities. TW-56490, TW-56375, TW-56374 | Medium | 2018.1.2 | Not applicable | Not applicable |
TeamCity | Stored XSS vulnerabilities. TW-56830, TW-56719 | Medium | 2018.1.3 | Not applicable | Not applicable |
TeamCity | Stored XSS vulnerabilities. TW-55214, TW-56126, TW-56127, TW-56452, TW-56571 | Medium | 2018.1.2 | Not applicable | Not applicable |
YouTrack | Reflected XSS vulnerability. JT-48606 | Medium | 2018.2.45073 | Not applicable | Not applicable |
YouTrack | Possible privilege escalation via deprecated REST API. JT-48605 | Low | 2018.2.45073 | Not applicable | Not applicable |
YouTrack | Possible tabnabbing via issue content. JT-47993 | Low | 2018.2.44329 | Not applicable | Not applicable |
Hub | ClickJacking vulnerability. JPS-7209 | Low | 2017.4.8040 | Not applicable | Not applicable |
Hub | ClickJacking vulnerability. JPS-8009 | Low | 2018.2.9541 | Not applicable | Not applicable |
IntelliJ IDEA | ROBOT attack vulnerability in certain subsystems. IDEA-183912 | Low | 2018.1.3 | Not applicable | Not applicable |
Scala plugin | Possible unauthenticated access to local compile server. SCL-13584 | Medium | 2018.2 | Not applicable | Not applicable |
TeamCity | Possible privilege escalation to server administrator. TW-55209 | High | 2018.1 | Not applicable | Not applicable |
TeamCity | CSRF attack vulnerability. TW-55210 | High | 2018.1 | Not applicable | Not applicable |
TeamCity | Possible privilege escalation from project administrator to server administrator. TW-55211, TW-55684 | High | 2018.1 | Not applicable | Not applicable |
TeamCity | Possible unauthorized removal of installation data by project administrator. TW-54876 | High | 2018.1 | Not applicable | Not applicable |
TeamCity | Network access to an agent allowed potential unauthorized control over the agent. TW-49335 | Medium | 2018.1 | Not applicable | Not applicable |
TeamCity | In a very specific scenario, an attacker could steal web responses meant for other users. TW-54486 | Medium | 2018.1 | Not applicable | Not applicable |
TeamCity | Stored XSS vulnerabilities on various pages. TW-27206, TW-54129, TW-55453, TW-55215, TW-55217, TW-55353 | Medium | 2018.1 | Not applicable | Not applicable |
TeamCity | Project viewer could delete non-critical project settings. TW-55261 | Medium | 2018.1 | Not applicable | Not applicable |
TeamCity | Network access to a server allowed potential read access to project settings. TW-54870 | Medium | 2018.1 | Not applicable | Not applicable |
TeamCity | Project viewer could affect details of some running builds. TW-54975 | Medium | 2018.1 | Not applicable | Not applicable |
TeamCity | Reflected XSS vulnerabilities on various pages. TW-55212, TW-55213 | Medium | 2018.1 | Not applicable | Not applicable |
TeamCity | User self-registration might have been enabled by default on new server installation. TW-54741 | Medium | 2017.2.4, 2018.1 | Not applicable | Not applicable |
TeamCity | Possible vulnerability to ClickJacking attack from TeamCity UI. TW-33819 | Medium | 2017.2.4, 2018.1 | Not applicable | Not applicable |
TeamCity | Project viewer could bypass the "View build runtime parameters and data" permission. TW-55502 | Low | 2018.1 | Not applicable | Not applicable |
TeamCity | Network access to a server exposed a vulnerability to DoS attacks. TW-11984 | Low | 2018.1 | Not applicable | Not applicable |
TeamCity | Potential to pass authorization cookies without secure flags. TW-55141 | Low | 2018.1 | Not applicable | Not applicable |
UpSource | Vulnerability to ClickJacking attack. UP-9673 | Medium | 2018.1 | Not applicable | Not applicable |
UpSource | Possible privilege escalation during the configuration process. BND-1154, BND-1579, UP-7359. Reported by Zhiyong Feng from Mobike Security Team | Low | 2018.1 | Not applicable | Not applicable |
YouTrack | Stored XSS vulnerabilities from specific pages. JT-47824 | High | 2018.2.42881 | Not applicable | Not applicable |
YouTrack | Potential for unauthorized users to view names of SSL keys. JT-47685 | Low | 2018.2.42881 | Not applicable | Not applicable |
YouTrack | Swimlane functionality allowed unauthorized changes to a limited number of issue properties. JT-47125 | Low | 2018.2.42133 | Not applicable | Not applicable |
dotTrace | dotTrace allowed privilege escalation (PROF-668) | Critical | 2017.1, 2017.2, 2017.3, 2018.1 | Not applicable | Not applicable |
Hub | Limitation of login attempts at hub.jetbrains.com was disabled (JPS-7627) | Low | 2018.1.9041 | Not applicable | Not applicable |
Hub | It was possible to obtain a new access token for a banned user (JPS-7553) | Low | 2017.4.8440 | Not applicable | Not applicable |
IntelliJ IDEA | YourKit profiler port was available externally in EAP builds for Linux (IDEA-184795) | Low | 2018.1 | Not applicable | Not applicable |
JetBrains Account | Privilege escalation was possible for JetBrains Account activity log (JPF-7437) | Medium | Not applicable | Not applicable | Not applicable |
JetBrains Account | Valid password links might remain upon password reset (JPF-7335) | Low | Not applicable | Not applicable | Not applicable |
TeamCity | VCS preview allowed XSS attack (TW-54027) | Medium | 2017.2.3 | Not applicable | Not applicable |
TeamCity | Data Directory preview allowed XSS attack (TW-54021) | Low | 2017.2.3 | Not applicable | Not applicable |
TeamCity | vmWare plugin settings allowed XSS attack (TW-53984) | High | 2017.2.3 | Not applicable | Not applicable |
TeamCity | VCS settings allowed XSS attack (TW-53943, TW-53978) | High | 2017.2.3 | Not applicable | Not applicable |
TeamCity | Authentication bypass was possible with certain Windows server configuration (TW-53507) | Medium | 2017.2.2 | Not applicable | Not applicable |
TeamCity | Project administrator could run arbitrary code (TW-50054) | High | 2017.2.2 | Not applicable | Not applicable |
TeamCity | Build fields allowed XSS attack (TW-53466) | Medium | 2017.2.2 | Not applicable | Not applicable |
TeamCity | Multiple XSS vulnerabilities (reported by Viktor Gazdag of NCC Group) (TW-53442) | High | 2017.2.2 | Not applicable | Not applicable |
UpSource | Multiple XSS vulnerabilities (Reported by Viktor Gazdag of NCC Group) (UP-9606) | Medium | 2017.3.2888 | Not applicable | Not applicable |
YouTrack | RSS feed allowed unauthorized access to comments with certain configuration (JT-46375) | Medium | 2018.1.40341 | Not applicable | Not applicable |
YouTrack | REST API allowed unauthorized access to attachments of hidden comments (JT-46004) | Medium | 2018.1.40341 | Not applicable | Not applicable |
YouTrack | RSS feed allowed unauthorized access to issues list with certain configuration (JT-46159) | High | 2018.1.40066 | Not applicable | Not applicable |
YouTrack | Custom fields allowed privilege escalation for guest user account (JT-46115) | Medium | 2018.1.40025 | Not applicable | Not applicable |
YouTrack | Issue linking permission bypassing was available via "Create issue linked as..." (JT-25321) | Medium | 2017.4.39533 | Not applicable | Not applicable |
YouTrack | Unauthorized access to issue content was possible even if guest user access was restricted in the bundle installer (JT-45284) | Low | 2017.4.39083 | Not applicable | Not applicable |
YouTrack | Activity records for private fields were available to users with read-only permissions (JT-45282) | Medium | 2017.4.39083 | Not applicable | Not applicable |