← Back

Jetbrains

jetbrains

564 CVEs • 38 products

Products (38)

Click to collapse
Toggle
Teamcity
teamcity
269 CVEs
Youtrack
youtrack
108 CVEs
Intellij Idea
intellij_idea
62 CVEs
Hub
hub
33 CVEs
Ktor
ktor
21 CVEs
Toolbox
toolbox
11 CVEs
Pycharm
pycharm
9 CVEs
Rider
rider
8 CVEs
Kotlin
kotlin
6 CVEs
Youtrack Mobile
youtrack_mobile
6 CVEs
Upsource
upsource
5 CVEs
Webstorm
webstorm
5 CVEs
Resharper
resharper
4 CVEs
Goland
goland
4 CVEs
Phpstorm
phpstorm
4 CVEs
Rubymine
rubymine
4 CVEs
Space
space
3 CVEs
Code With Me
code_with_me
3 CVEs
Junie
junie
3 CVEs
Mps
mps
2 CVEs
Clion
clion
2 CVEs
Dottrace
dottrace
2 CVEs
Dotpeek
dotpeek
1 CVE
Resharper Ultimate
resharper_ultimate
1 CVE
Youtrack Integration
youtrack_integration
1 CVE
Vim
vim
1 CVE
Idetalk
idetalk
1 CVE
Scala
scala
1 CVE
Ideavim
ideavim
1 CVE
Jetbrains Gateway
jetbrains_gateway
1 CVE
Aqua
aqua
1 CVE
Datagrip
datagrip
1 CVE
Dataspell
dataspell
1 CVE
Rustrover
rustrover
1 CVE
Etw Host Service
etw_host_service
1 CVE
Runtime
runtime
1 CVE
Ide Services
ide_services
1 CVE
Datalore
datalore
1 CVE

CVEs (564)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-12846
1Jetbrains
1Teamcity
Nov 21, 2024
Jul 3, 2019
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.
CVE-2019-12845
1Jetbrains
1Teamcity
Nov 21, 2024
Jul 3, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.
CVE-2019-12844
1Jetbrains
1Teamcity
Nov 21, 2024
Jul 3, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3.
CVE-2019-12843
1Jetbrains
1Teamcity
Nov 21, 2024
Jul 3, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3.
CVE-2019-12842
1Jetbrains
1Teamcity
Nov 21, 2024
Jul 3, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2.
CVE-2019-12841
1Jetbrains
1Teamcity
Nov 21, 2024
Jul 3, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.
CVE-2019-10103
1Jetbrains
1Kotlin
Nov 21, 2024
Jul 3, 2019
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in...Show more
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.Show less
CVE-2019-10102
1Jetbrains
2Kotlin
Ktor
Nov 21, 2024
Jul 3, 2019
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed...Show more
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.Show less
CVE-2019-10101
1Jetbrains
1Kotlin
Nov 21, 2024
Jul 3, 2019
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.
CVE-2019-9873
1Jetbrains
1Intellij Idea
Nov 21, 2024
Jul 3, 2019
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fi...Show more
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.Show less
CVE-2019-9872
1Jetbrains
1Intellij Idea
Nov 21, 2024
Jul 3, 2019
N/A· v4
8.1 HIGH· v3
4.3 MEDIUM· v2
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files....Show more
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.Show less
CVE-2019-9823
1Jetbrains
1Intellij Idea
Nov 21, 2024
Jul 3, 2019
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has bee...Show more
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8.Show less
CVE-2019-9186
1Jetbrains
1Intellij Idea
Nov 21, 2024
Jul 3, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interf...Show more
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.Show less
CVE-2019-12867
1Jetbrains
1Youtrack
Nov 21, 2024
Jul 3, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
CVE-2019-12866
1Jetbrains
1Youtrack
Nov 21, 2024
Jul 3, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
CVE-2019-12851
1Jetbrains
1Youtrack
Nov 21, 2024
Jul 3, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852.
CVE-2019-12850
1Jetbrains
1Youtrack
Nov 21, 2024
Jul 3, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.
CVE-2019-12847
1Jetbrains
1Hub
Nov 21, 2024
Jul 3, 2019
N/A· v4
7.2 HIGH· v3
4.0 MEDIUM· v2
In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the aud...Show more
In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period.Show less
CVE-2019-10104
1Jetbrains
1Intellij Idea
Nov 21, 2024
Jul 3, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configura...Show more
In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.Show less
CVE-2019-10100
1Jetbrains
1Youtrack Integration
Nov 21, 2024
Jul 3, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a vali...Show more
In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely.Show less