Jetbrains

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-50575 1Jetbrains 1Youtrack Oct 29, 2024 Oct 28, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API
CVE-2024-50574 1Jetbrains 1Youtrack Oct 29, 2024 Oct 28, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality
CVE-2024-50573 1Jetbrains 1Hub Oct 29, 2024 Oct 28, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
CVE-2024-49580 1Jetbrains 1Ktor Dec 6, 2024 Oct 17, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure
CVE-2024-49579 1Jetbrains 1Youtrack Nov 14, 2024 Oct 17, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests
CVE-2024-48902 1Jetbrains 1Youtrack Oct 16, 2024 Oct 10, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API
CVE-2024-47951 1Jetbrains 1Teamcity Oct 11, 2024 Oct 8, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
CVE-2024-47950 1Jetbrains 1Teamcity Oct 11, 2024 Oct 8, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
CVE-2024-47949 1Jetbrains 1Teamcity Oct 11, 2024 Oct 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
CVE-2024-47948 1Jetbrains 1Teamcity Oct 11, 2024 Oct 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
CVE-2024-47161 1Jetbrains 1Teamcity Oct 11, 2024 Oct 8, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API
CVE-2024-47162 1Jetbrains 1Youtrack Sep 24, 2024 Sep 19, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
CVE-2024-47160 1Jetbrains 1Youtrack Sep 24, 2024 Sep 19, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
CVE-2024-47159 1Jetbrains 1Youtrack Sep 24, 2024 Sep 19, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project
CVE-2024-46970 1Jetbrains 1Intellij Idea Sep 20, 2024 Sep 16, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible
CVE-2024-43810 1Jetbrains 1Teamcity Aug 19, 2024 Aug 16, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
CVE-2024-43809 1Jetbrains 1Teamcity Aug 19, 2024 Aug 16, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
CVE-2024-43808 1Jetbrains 1Teamcity Aug 19, 2024 Aug 16, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
CVE-2024-43807 1Jetbrains 1Teamcity Aug 19, 2024 Aug 16, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
CVE-2024-43114 1Jetbrains 1Teamcity Sep 11, 2024 Aug 6, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions

Previous 1...789...29 Next