← Back

Jetbrains

jetbrains

564 CVEs • 38 products

Products (38)

Click to collapse
Toggle
Teamcity
teamcity
269 CVEs
Youtrack
youtrack
108 CVEs
Intellij Idea
intellij_idea
62 CVEs
Hub
hub
33 CVEs
Ktor
ktor
21 CVEs
Toolbox
toolbox
11 CVEs
Pycharm
pycharm
9 CVEs
Rider
rider
8 CVEs
Kotlin
kotlin
6 CVEs
Youtrack Mobile
youtrack_mobile
6 CVEs
Upsource
upsource
5 CVEs
Webstorm
webstorm
5 CVEs
Resharper
resharper
4 CVEs
Goland
goland
4 CVEs
Phpstorm
phpstorm
4 CVEs
Rubymine
rubymine
4 CVEs
Space
space
3 CVEs
Code With Me
code_with_me
3 CVEs
Junie
junie
3 CVEs
Mps
mps
2 CVEs
Clion
clion
2 CVEs
Dottrace
dottrace
2 CVEs
Dotpeek
dotpeek
1 CVE
Resharper Ultimate
resharper_ultimate
1 CVE
Youtrack Integration
youtrack_integration
1 CVE
Vim
vim
1 CVE
Idetalk
idetalk
1 CVE
Scala
scala
1 CVE
Ideavim
ideavim
1 CVE
Jetbrains Gateway
jetbrains_gateway
1 CVE
Aqua
aqua
1 CVE
Datagrip
datagrip
1 CVE
Dataspell
dataspell
1 CVE
Rustrover
rustrover
1 CVE
Etw Host Service
etw_host_service
1 CVE
Runtime
runtime
1 CVE
Ide Services
ide_services
1 CVE
Datalore
datalore
1 CVE

CVEs (564)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-31135
1Jetbrains
1Teamcity
Nov 21, 2024
Mar 28, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
CVE-2024-31134
1Jetbrains
1Teamcity
Dec 16, 2024
Mar 28, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled
CVE-2024-29880
1Jetbrains
1Teamcity
Dec 16, 2024
Mar 21, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process
CVE-2024-28230
1Jetbrains
1Youtrack
Dec 16, 2024
Mar 7, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions
CVE-2024-28229
1Jetbrains
1Youtrack
Dec 16, 2024
Mar 7, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles
CVE-2024-28228
1Jetbrains
1Youtrack
Dec 16, 2024
Mar 7, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible
CVE-2024-28174
1Jetbrains
1Teamcity
Dec 16, 2024
Mar 6, 2024
N/A· v4
5.8 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly
CVE-2024-28173
1Jetbrains
1Teamcity
Dec 16, 2024
Mar 6, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed
CVE-2024-27199
1Jetbrains
1Teamcity
Apr 21, 2026
Mar 4, 2024
N/A· v4
7.3 HIGH· v3
N/A· v2
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
CVE-2024-27198
1Jetbrains
1Teamcity
Oct 24, 2025
Mar 4, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
CVE-2024-24943
1Jetbrains
1Toolbox
Nov 21, 2024
Feb 6, 2024
N/A· v4
5.5 MEDIUM· v3
N/A· v2
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image
CVE-2024-24942
1Jetbrains
1Teamcity
Nov 21, 2024
Feb 6, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
CVE-2024-24941
1Jetbrains
1Intellij Idea
Nov 21, 2024
Feb 6, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL
CVE-2024-24940
1Jetbrains
1Intellij Idea
May 15, 2025
Feb 6, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
CVE-2024-24939
1Jetbrains
1Rider
Nov 21, 2024
Feb 6, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible
CVE-2024-24938
1Jetbrains
1Teamcity
Nov 21, 2024
Feb 6, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
CVE-2024-24937
1Jetbrains
1Teamcity
Nov 21, 2024
Feb 6, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible
CVE-2024-24936
1Jetbrains
1Teamcity
Nov 21, 2024
Feb 6, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed
CVE-2024-23917
1Jetbrains
1Teamcity
Nov 21, 2024
Feb 6, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
CVE-2024-22370
1Jetbrains
1Youtrack
Nov 21, 2024
Jan 9, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible