Filtered by vendor Jetbrains
Subscribe
Total
358 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-12852 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168. | |||||
CVE-2019-10102 | 1 Jetbrains | 2 Kotlin, Ktor | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30. | |||||
CVE-2019-12847 | 1 Jetbrains | 1 Hub | 2023-12-10 | 4.0 MEDIUM | 7.2 HIGH |
In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period. | |||||
CVE-2019-12845 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3. | |||||
CVE-2019-10104 | 1 Jetbrains | 1 Intellij Idea | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | |||||
CVE-2019-10101 | 1 Jetbrains | 1 Kotlin | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. | |||||
CVE-2019-9186 | 1 Jetbrains | 1 Intellij Idea | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | |||||
CVE-2019-12843 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3. | |||||
CVE-2019-12866 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | |||||
CVE-2019-12841 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2. | |||||
CVE-2019-15848 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user. | |||||
CVE-2019-9872 | 1 Jetbrains | 1 Intellij Idea | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | |||||
CVE-2019-12844 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3. | |||||
CVE-2019-9873 | 1 Jetbrains | 1 Intellij Idea | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | |||||
CVE-2017-8316 | 1 Jetbrains | 1 Intellij Idea | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml. | |||||
CVE-2018-14878 | 1 Jetbrains | 2 Dotpeek, Resharper Ultimate | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data. | |||||
CVE-2014-10002 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
CVE-2014-10036 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html. |