← Back

Jetbrains

jetbrains

564 CVEs • 38 products

Products (38)

Click to collapse
Toggle
Teamcity
teamcity
269 CVEs
Youtrack
youtrack
108 CVEs
Intellij Idea
intellij_idea
62 CVEs
Hub
hub
33 CVEs
Ktor
ktor
21 CVEs
Toolbox
toolbox
11 CVEs
Pycharm
pycharm
9 CVEs
Rider
rider
8 CVEs
Kotlin
kotlin
6 CVEs
Youtrack Mobile
youtrack_mobile
6 CVEs
Upsource
upsource
5 CVEs
Webstorm
webstorm
5 CVEs
Resharper
resharper
4 CVEs
Goland
goland
4 CVEs
Phpstorm
phpstorm
4 CVEs
Rubymine
rubymine
4 CVEs
Space
space
3 CVEs
Code With Me
code_with_me
3 CVEs
Junie
junie
3 CVEs
Mps
mps
2 CVEs
Clion
clion
2 CVEs
Dottrace
dottrace
2 CVEs
Dotpeek
dotpeek
1 CVE
Resharper Ultimate
resharper_ultimate
1 CVE
Youtrack Integration
youtrack_integration
1 CVE
Vim
vim
1 CVE
Idetalk
idetalk
1 CVE
Scala
scala
1 CVE
Ideavim
ideavim
1 CVE
Jetbrains Gateway
jetbrains_gateway
1 CVE
Aqua
aqua
1 CVE
Datagrip
datagrip
1 CVE
Dataspell
dataspell
1 CVE
Rustrover
rustrover
1 CVE
Etw Host Service
etw_host_service
1 CVE
Runtime
runtime
1 CVE
Ide Services
ide_services
1 CVE
Datalore
datalore
1 CVE

CVEs (564)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-48477
1Jetbrains
1Hub
Nov 21, 2024
Apr 24, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
CVE-2022-48476
1Jetbrains
1Ktor
Nov 21, 2024
Apr 24, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
CVE-2022-48435
1Jetbrains
1Phpstorm
Nov 21, 2024
Apr 4, 2023
N/A· v4
3.3 LOW· v3
N/A· v2
In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file
CVE-2022-48433
1Jetbrains
1Intellij Idea
Nov 21, 2024
Mar 29, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.
CVE-2022-48432
1Jetbrains
1Intellij Idea
Nov 21, 2024
Mar 29, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.
CVE-2022-48431
1Jetbrains
1Intellij Idea
Nov 21, 2024
Mar 29, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.
CVE-2022-48430
1Jetbrains
1Intellij Idea
Nov 21, 2024
Mar 29, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.
CVE-2022-48428
1Jetbrains
1Teamcity
Nov 21, 2024
Mar 27, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible
CVE-2022-48427
1Jetbrains
1Teamcity
Nov 21, 2024
Mar 27, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible
CVE-2022-48429
1Jetbrains
1Hub
Nov 21, 2024
Mar 27, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
CVE-2022-48426
1Jetbrains
1Teamcity
Nov 21, 2024
Mar 27, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
CVE-2022-48344
1Jetbrains
1Teamcity
Nov 21, 2024
Feb 23, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
CVE-2022-48343
1Jetbrains
1Teamcity
Nov 21, 2024
Feb 23, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
CVE-2022-48342
1Jetbrains
1Teamcity
Nov 21, 2024
Feb 23, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
CVE-2022-47896
1Jetbrains
1Intellij Idea
Nov 21, 2024
Dec 22, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.
CVE-2022-47895
1Jetbrains
1Intellij Idea
Nov 21, 2024
Dec 22, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.
CVE-2022-46831
1Jetbrains
1Teamcity
Nov 21, 2024
Dec 8, 2022
N/A· v4
4.9 MEDIUM· v3
N/A· v2
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system admi...Show more
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.Show less
CVE-2022-46830
1Jetbrains
1Teamcity
Nov 21, 2024
Dec 8, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
CVE-2022-46829
1Jetbrains
1Jetbrains Gateway
Nov 21, 2024
Dec 8, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.
CVE-2022-46828
1Jetbrains
1Intellij Idea
Nov 21, 2024
Dec 8, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.