CVE | Vendors | Products | Updated | CVSS v3.1 |
JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS. |
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. |
In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. |
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. |
In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. |
In JetBrains Hub before 2021.1.13690, stored XSS is possible. |
In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. |
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible. |
In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. |
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. |
In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. |
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. |
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. |
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient. |
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. |
In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. |
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. |
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. |
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. |
In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. |