Jetbrains: Security Vulnerabilities
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
CVSS Score
9.8
EPSS Score
0.0
Published
2021-11-09
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.
CVSS Score
9.8
EPSS Score
0.0
Published
2021-11-09
In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.
CVSS Score
5.4
EPSS Score
0.0
Published
2021-11-09
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.
CVSS Score
9.8
EPSS Score
0.0
Published
2021-11-09
In JetBrains TeamCity before 2020.2.3, XSS was possible.
CVSS Score
6.1
EPSS Score
0.0
Published
2021-08-06
In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects.
CVSS Score
8.8
EPSS Score
0.0
Published
2021-08-06
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
CVSS Score
9.8
EPSS Score
0.0
Published
2021-08-06
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.
CVSS Score
7.5
EPSS Score
0.0
Published
2021-08-06
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-08-06
In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-08-06