Filtered by vendor Jetbrains
Subscriptions
Total
359 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-9823 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | N/A |
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8. | ||||
CVE-2019-18368 | 1 Jetbrains | 1 Toolbox | 2020-08-24 | 7.3 High |
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. | ||||
CVE-2019-18361 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | 5.3 Medium |
JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution. | ||||
CVE-2019-10104 | 1 Jetbrains | 1 Intellij Idea | 2020-08-24 | N/A |
In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | ||||
CVE-2019-12845 | 1 Jetbrains | 1 Teamcity | 2020-08-24 | N/A |
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3. | ||||
CVE-2019-10100 | 1 Jetbrains | 1 Youtrack Integration | 2020-08-24 | N/A |
In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely. | ||||
CVE-2019-12846 | 1 Jetbrains | 1 Teamcity | 2020-08-24 | N/A |
A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2. | ||||
CVE-2019-12847 | 1 Jetbrains | 1 Hub | 2020-08-24 | N/A |
In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period. | ||||
CVE-2020-15823 | 1 Jetbrains | 1 Youtrack | 2020-08-10 | 7.5 High |
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. | ||||
CVE-2020-15819 | 1 Jetbrains | 1 Youtrack | 2020-08-10 | 5.3 Medium |
JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. | ||||
CVE-2020-15821 | 1 Jetbrains | 1 Youtrack | 2020-08-10 | 6.5 Medium |
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. | ||||
CVE-2020-15827 | 1 Jetbrains | 1 Toolbox | 2020-08-10 | 7.5 High |
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. | ||||
CVE-2020-15830 | 1 Jetbrains | 1 Teamcity | 2020-08-10 | 6.1 Medium |
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. | ||||
CVE-2020-15831 | 1 Jetbrains | 1 Teamcity | 2020-08-10 | 6.1 Medium |
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. | ||||
CVE-2020-11690 | 1 Jetbrains | 1 Intellij Idea | 2020-04-29 | 9.8 Critical |
In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. | ||||
CVE-2020-11795 | 1 Jetbrains | 1 Space | 2020-04-29 | 7.5 High |
In JetBrains Space through 2020-04-22, the session timeout period was configured improperly. | ||||
CVE-2020-11796 | 1 Jetbrains | 1 Space | 2020-04-29 | 9.8 Critical |
In JetBrains Space through 2020-04-22, the password authentication implementation was insecure. | ||||
CVE-2020-11692 | 1 Jetbrains | 1 Youtrack | 2020-04-27 | 2.7 Low |
In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. | ||||
CVE-2020-11416 | 1 Jetbrains | 1 Space | 2020-04-27 | 5.4 Medium |
JetBrains Space through 2020-04-22 allows stored XSS in Chats. | ||||
CVE-2020-11687 | 1 Jetbrains | 1 Teamcity | 2020-04-27 | 7.5 High |
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages. |