Jetbrains: Security Vulnerabilities
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process
CVSS Score
4.2
EPSS Score
0.0
Published
2024-03-21
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles
CVSS Score
6.5
EPSS Score
0.0
Published
2024-03-07
In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions
CVSS Score
6.5
EPSS Score
0.0
Published
2024-03-07
In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible
CVSS Score
5.3
EPSS Score
0.0
Published
2024-03-07
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed
CVSS Score
4.3
EPSS Score
0.0
Published
2024-03-06
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly
CVSS Score
5.8
EPSS Score
0.0
Published
2024-03-06
CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Known exploited
CVSS Score
9.8
EPSS Score
0.93
Published
2024-03-04
CVE-2024-27199
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
Known exploited
CVSS Score
7.3
EPSS Score
0.914
Published
2024-03-04
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL
CVSS Score
6.1
EPSS Score
0.0
Published
2024-02-06
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
CVSS Score
5.3
EPSS Score
0.0
Published
2024-02-06