Filtered by vendor Jetbrains
Total: 358 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-28648 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM | In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered |
CVE-2022-24339 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM | JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. |
CVE-2022-29818 | 1 Jetbrains | 1 Intellij Idea | 2023-12-10 | 3.6 LOW | 7.1 HIGH | In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed |
CVE-2022-24335 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH | JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. |
CVE-2022-24329 | 2 Jetbrains, Oracle | 3 Kotlin, Communications Cloud Native Core Binding Support Function, Communications Pricing Design Center | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM | In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. |
CVE-2022-25261 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. |
CVE-2022-28650 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM | In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI |
CVE-2022-24333 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM | In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. |
CVE-2022-29815 | 1 Jetbrains | 1 Intellij Idea | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM | In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible |
CVE-2022-24328 | 1 Jetbrains | 1 Hub | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM | In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. |
CVE-2022-25259 | 1 Jetbrains | 1 Hub | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. |
CVE-2022-24344 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM | JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. |
CVE-2022-29821 | 1 Jetbrains | 1 Pycharm | 2023-12-10 | 4.4 MEDIUM | 7.7 HIGH | In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible |
CVE-2022-24340 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. |
CVE-2022-29035 | 1 Jetbrains | 1 Ktor | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW | In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations |
CVE-2022-24331 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. |
CVE-2021-45977 | 1 Jetbrains | 7 Clion, Goland, Intellij Idea and 4 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL | JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1. |
CVE-2022-24337 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM | In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. |
CVE-2022-24327 | 1 Jetbrains | 1 Hub | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. |
CVE-2022-24347 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM | JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. |