| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. |
| In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. |
| In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. |
| In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. |
| In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient. |
| In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. |
| In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. |
| In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. |
| In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. |
| In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. |
| In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. |
| In JetBrains TeamCity before 2020.2.3, XSS was possible. |
| In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. |
| In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. |
| In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. |
| In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. |
| In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible. |
| In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. |
| In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset. |
| In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. |
