Jetbrains: Security Vulnerabilities
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
CVSS Score
4.3
EPSS Score
0.0
Published
2023-07-12
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms
CVSS Score
6.5
EPSS Score
0.0
Published
2023-07-12
In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases
CVSS Score
3.3
EPSS Score
0.0
Published
2023-07-12
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-06-29
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms
CVSS Score
7.5
EPSS Score
0.0
Published
2023-06-12
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible
CVSS Score
4.6
EPSS Score
0.0
Published
2023-06-12
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
CVSS Score
3.3
EPSS Score
0.0
Published
2023-06-01
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
CVSS Score
9.1
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
CVSS Score
4.3
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
CVSS Score
4.6
EPSS Score
0.058
Published
2023-05-31