Filtered by vendor Jetbrains
Subscriptions
Total
381 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14955 | 1 Jetbrains | 1 Hub | 2024-08-05 | 5.3 Medium |
| In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented. | ||||
| CVE-2019-12845 | 1 Jetbrains | 1 Teamcity | 2024-08-04 | N/A |
| The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3. | ||||
| CVE-2019-12867 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | N/A |
| Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | ||||
| CVE-2019-12847 | 1 Jetbrains | 1 Hub | 2024-08-04 | N/A |
| In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period. | ||||
| CVE-2019-12851 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | N/A |
| A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852. | ||||
| CVE-2019-12866 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | N/A |
| An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168. | ||||
| CVE-2019-12852 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | N/A |
| An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168. | ||||
| CVE-2019-12841 | 1 Jetbrains | 1 Teamcity | 2024-08-04 | N/A |
| Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2. | ||||
| CVE-2019-12842 | 1 Jetbrains | 1 Teamcity | 2024-08-04 | N/A |
| A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2. | ||||
| CVE-2019-12850 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | N/A |
| A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168. | ||||
| CVE-2019-12844 | 1 Jetbrains | 1 Teamcity | 2024-08-04 | N/A |
| A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3. | ||||
| CVE-2019-12843 | 1 Jetbrains | 1 Teamcity | 2024-08-04 | N/A |
| A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3. | ||||
| CVE-2019-12846 | 1 Jetbrains | 1 Teamcity | 2024-08-04 | N/A |
| A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2. | ||||
| CVE-2019-12737 | 1 Jetbrains | 1 Ktor | 2024-08-04 | 5.3 Medium |
| UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials. | ||||
| CVE-2019-12736 | 1 Jetbrains | 1 Ktor | 2024-08-04 | 9.8 Critical |
| JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection. | ||||
| CVE-2019-12156 | 1 Jetbrains | 1 Upsource | 2024-08-04 | 5.3 Medium |
| Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293. | ||||
| CVE-2019-12157 | 1 Jetbrains | 2 Teamcity, Upsource | 2024-08-04 | 9.8 Critical |
| In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. | ||||
| CVE-2019-10104 | 1 Jetbrains | 1 Intellij Idea | 2024-08-04 | N/A |
| In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | ||||
| CVE-2019-10100 | 1 Jetbrains | 1 Youtrack Integration | 2024-08-04 | N/A |
| In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely. | ||||
| CVE-2019-10103 | 1 Jetbrains | 1 Kotlin | 2024-08-04 | N/A |
| JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101. | ||||