Security Vulnerabilities
- CVEs Published In April 2020
In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.
JetBrains Space through 2020-04-22 allows stored XSS in Chats.
An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. The smart band has no pairing (mode 0 Bluetooth LE security level), and the data being transmitted over the air is not encrypted. In addition, the data being sent to the smart band doesn't have any authentication or signature verification. Thus, any attacker can control a parameter of the device.
In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS.
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.