← Back

Jetbrains

jetbrains

564 CVEs • 38 products

Products (38)

Click to collapse
Toggle
Teamcity
teamcity
269 CVEs
Youtrack
youtrack
108 CVEs
Intellij Idea
intellij_idea
62 CVEs
Hub
hub
33 CVEs
Ktor
ktor
21 CVEs
Toolbox
toolbox
11 CVEs
Pycharm
pycharm
9 CVEs
Rider
rider
8 CVEs
Kotlin
kotlin
6 CVEs
Youtrack Mobile
youtrack_mobile
6 CVEs
Upsource
upsource
5 CVEs
Webstorm
webstorm
5 CVEs
Resharper
resharper
4 CVEs
Goland
goland
4 CVEs
Phpstorm
phpstorm
4 CVEs
Rubymine
rubymine
4 CVEs
Space
space
3 CVEs
Code With Me
code_with_me
3 CVEs
Junie
junie
3 CVEs
Mps
mps
2 CVEs
Clion
clion
2 CVEs
Dottrace
dottrace
2 CVEs
Dotpeek
dotpeek
1 CVE
Resharper Ultimate
resharper_ultimate
1 CVE
Youtrack Integration
youtrack_integration
1 CVE
Vim
vim
1 CVE
Idetalk
idetalk
1 CVE
Scala
scala
1 CVE
Ideavim
ideavim
1 CVE
Jetbrains Gateway
jetbrains_gateway
1 CVE
Aqua
aqua
1 CVE
Datagrip
datagrip
1 CVE
Dataspell
dataspell
1 CVE
Rustrover
rustrover
1 CVE
Etw Host Service
etw_host_service
1 CVE
Runtime
runtime
1 CVE
Ide Services
ide_services
1 CVE
Datalore
datalore
1 CVE

CVEs (564)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-24334
1Jetbrains
1Teamcity
Nov 21, 2024
Feb 25, 2022
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
CVE-2022-24333
1Jetbrains
1Teamcity
Nov 21, 2024
Feb 25, 2022
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
CVE-2022-24332
1Jetbrains
1Teamcity
Nov 21, 2024
Feb 25, 2022
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
CVE-2022-24331
1Jetbrains
1Teamcity
Nov 21, 2024
Feb 25, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
CVE-2022-24330
1Jetbrains
1Teamcity
Nov 21, 2024
Feb 25, 2022
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
CVE-2022-24329
2Jetbrains
Oracle
3Communications Cloud Native Core Binding Support Function
Communications Pricing Design CenterKotlin
Nov 21, 2024
Feb 25, 2022
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
CVE-2022-24328
1Jetbrains
1Hub
Nov 21, 2024
Feb 25, 2022
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.
CVE-2022-24327
1Jetbrains
1Hub
Nov 21, 2024
Feb 25, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.
CVE-2021-45977
1Jetbrains
7Clion
GolandIntellij Idea+4 more
Nov 21, 2024
Feb 25, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CL...Show more
JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.Show less
CVE-2021-43202
1Jetbrains
1Teamcity
Nov 21, 2024
Nov 30, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
CVE-2021-43182
1Jetbrains
1Hub
Nov 21, 2024
Nov 9, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.
CVE-2021-43181
1Jetbrains
1Hub
Nov 21, 2024
Nov 9, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
In JetBrains Hub before 2021.1.13690, stored XSS is possible.
CVE-2021-43180
1Jetbrains
1Hub
Nov 21, 2024
Nov 9, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.
CVE-2021-43203
1Jetbrains
1Ktor
Nov 21, 2024
Nov 9, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.
CVE-2021-43201
1Jetbrains
1Teamcity
Nov 21, 2024
Nov 9, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.
CVE-2021-43200
1Jetbrains
1Teamcity
Nov 21, 2024
Nov 9, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
CVE-2021-43199
1Jetbrains
1Teamcity
Nov 21, 2024
Nov 9, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
CVE-2021-43198
1Jetbrains
1Teamcity
Nov 21, 2024
Nov 9, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
CVE-2021-43197
1Jetbrains
1Teamcity
Nov 21, 2024
Nov 9, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
CVE-2021-43196
1Jetbrains
1Teamcity
Nov 21, 2024
Nov 9, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.