Filtered by vendor Jetbrains
Subscriptions
Total
381 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-10101 | 1 Jetbrains | 1 Kotlin | 2024-08-04 | 8.1 High |
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. | ||||
CVE-2019-10102 | 1 Jetbrains | 2 Kotlin, Ktor | 2024-08-04 | N/A |
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30. | ||||
CVE-2019-9872 | 1 Jetbrains | 1 Intellij Idea | 2024-08-04 | N/A |
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | ||||
CVE-2019-9873 | 1 Jetbrains | 1 Intellij Idea | 2024-08-04 | N/A |
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | ||||
CVE-2019-9823 | 1 Jetbrains | 1 Intellij Idea | 2024-08-04 | N/A |
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8. | ||||
CVE-2019-9186 | 1 Jetbrains | 1 Intellij Idea | 2024-08-04 | N/A |
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | ||||
CVE-2020-35667 | 1 Jetbrains | 1 Teamcity | 2024-08-04 | 7.5 High |
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials. | ||||
CVE-2020-29582 | 3 Jetbrains, Oracle, Redhat | 7 Kotlin, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 4 more | 2024-08-04 | 5.3 Medium |
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. | ||||
CVE-2020-27624 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | 5.3 Medium |
JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. | ||||
CVE-2020-27623 | 1 Jetbrains | 1 Ideavim | 2024-08-04 | 7.5 High |
JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances. | ||||
CVE-2020-27629 | 1 Jetbrains | 1 Teamcity | 2024-08-04 | 5.3 Medium |
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts. | ||||
CVE-2020-27626 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | 5.3 Medium |
JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. | ||||
CVE-2020-27627 | 1 Jetbrains | 1 Teamcity | 2024-08-04 | 6.1 Medium |
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. | ||||
CVE-2020-27625 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | 5.3 Medium |
In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. | ||||
CVE-2020-27628 | 1 Jetbrains | 1 Teamcity | 2024-08-04 | 4.3 Medium |
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. | ||||
CVE-2020-27622 | 1 Jetbrains | 1 Intellij Idea | 2024-08-04 | 5.3 Medium |
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version. | ||||
CVE-2020-26129 | 1 Jetbrains | 1 Ktor | 2024-08-04 | 6.5 Medium |
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. | ||||
CVE-2020-25208 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | 5.3 Medium |
In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions. | ||||
CVE-2020-25209 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | 7.5 High |
In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API. | ||||
CVE-2020-25207 | 1 Jetbrains | 1 Toolbox | 2024-08-04 | 9.8 Critical |
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. |