Jetbrains: Security Vulnerabilities
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-02-03
In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.
CVSS Score
8.8
EPSS Score
0.0
Published
2021-02-03
In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-02-03
In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-02-03
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-02-03
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-11-16
JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-11-16
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-11-16
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-11-16
JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-11-16