| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS. |
| In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible. |
| In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing. |
| In JetBrains TeamCity before 2021.1.2, user enumeration was possible. |
| In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. |
| In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible. |
| JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS. |
| In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible. |
| In JetBrains YouTrack Mobile before 2021.2, access token protection on Android is incomplete. |
| In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete. |
| In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information. |
| JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS. |
| JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. |
| In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. |
| In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. |
| In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. |
| In JetBrains Hub before 2021.1.13690, stored XSS is possible. |
| In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. |
| In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible. |
| In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions. |
