Jetbrains: Security Vulnerabilities
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered
CVSS Score
5.7
EPSS Score
0.0
Published
2022-04-05
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-02-25
JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.
CVSS Score
6.1
EPSS Score
0.0
Published
2022-02-25
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
CVSS Score
9.1
EPSS Score
0.001
Published
2022-02-25
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
CVSS Score
6.1
EPSS Score
0.0
Published
2022-02-25
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-02-25
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-02-25
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-02-25
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
CVSS Score
5.3
EPSS Score
0.0
Published
2022-02-25
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
CVSS Score
6.5
EPSS Score
0.0
Published
2022-02-25