Jetbrains: Security Vulnerabilities
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-02-03
In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.
CVSS Score
7.5
EPSS Score
0.0
Published
2021-02-03
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
CVSS Score
9.8
EPSS Score
0.0
Published
2021-02-03
In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.
CVSS Score
4.3
EPSS Score
0.0
Published
2021-02-03
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-02-03
JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.
CVSS Score
6.1
EPSS Score
0.0
Published
2021-02-03
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.
CVSS Score
4.3
EPSS Score
0.0
Published
2021-02-03
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.
CVSS Score
3.8
EPSS Score
0.0
Published
2021-02-03
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
CVSS Score
7.5
EPSS Score
0.0
Published
2021-02-03
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-02-03