Jetbrains

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-56353 1Jetbrains 1Teamcity Jan 2, 2025 Dec 20, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies
CVE-2024-56352 1Jetbrains 1Teamcity Jan 2, 2025 Dec 20, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page
CVE-2024-56351 1Jetbrains 1Teamcity Jan 2, 2025 Dec 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles
CVE-2024-56350 1Jetbrains 1Teamcity Jan 2, 2025 Dec 20, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
CVE-2024-56349 1Jetbrains 1Teamcity Jan 2, 2025 Dec 20, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
CVE-2024-56348 1Jetbrains 1Teamcity Jan 2, 2025 Dec 20, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
CVE-2024-54158 1Jetbrains 1Youtrack Jan 30, 2025 Dec 4, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
CVE-2024-54157 1Jetbrains 1Youtrack Jan 30, 2025 Dec 4, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector
CVE-2024-54156 1Jetbrains 1Youtrack Jan 30, 2025 Dec 4, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack
CVE-2024-54155 1Jetbrains 1Youtrack Jan 31, 2025 Dec 4, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
CVE-2024-54154 1Jetbrains 1Youtrack Jan 31, 2025 Dec 4, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
CVE-2024-54153 1Jetbrains 1Youtrack Jan 31, 2025 Dec 4, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
CVE-2024-52555 1Jetbrains 1Webstorm Jan 31, 2025 Nov 15, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script
CVE-2024-50582 1Jetbrains 1Youtrack Oct 29, 2024 Oct 28, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements
CVE-2024-50581 1Jetbrains 1Youtrack Oct 29, 2024 Oct 28, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag
CVE-2024-50580 1Jetbrains 1Youtrack Oct 29, 2024 Oct 28, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule
CVE-2024-50579 1Jetbrains 1Youtrack Oct 29, 2024 Oct 28, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible
CVE-2024-50578 1Jetbrains 1Youtrack Oct 29, 2024 Oct 28, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page
CVE-2024-50577 1Jetbrains 1Youtrack Oct 29, 2024 Oct 28, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings
CVE-2024-50576 1Jetbrains 1Youtrack Oct 29, 2024 Oct 28, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest

Previous 1...678...29 Next