Jetbrains: Security Vulnerabilities
In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint
CVSS Score
6.5
EPSS Score
0.0
Published
2025-01-21
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping
CVSS Score
6.7
EPSS Score
0.0
Published
2025-01-21
In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs
CVSS Score
5.5
EPSS Score
0.0
Published
2025-01-21
In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration
CVSS Score
7.1
EPSS Score
0.0
Published
2025-01-21
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
CVSS Score
4.6
EPSS Score
0.223
Published
2025-01-21
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies
CVSS Score
5.5
EPSS Score
0.0
Published
2024-12-20
In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission
CVSS Score
5.5
EPSS Score
0.0
Published
2024-12-20
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
CVSS Score
4.6
EPSS Score
0.28
Published
2024-12-20
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
CVSS Score
5.9
EPSS Score
0.0
Published
2024-12-20
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
CVSS Score
5.3
EPSS Score
0.0
Published
2024-12-20