Jetbrains: Security Vulnerabilities
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-08-06
In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.
CVSS Score
5.4
EPSS Score
0.0
Published
2021-08-06
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
CVSS Score
7.5
EPSS Score
0.0
Published
2021-08-06
In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.
CVSS Score
4.3
EPSS Score
0.0
Published
2021-08-06
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
CVSS Score
9.8
EPSS Score
0.0
Published
2021-08-06
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.
CVSS Score
6.5
EPSS Score
0.0
Published
2021-08-06
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
CVSS Score
6.1
EPSS Score
0.0
Published
2021-08-06
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly
CVSS Score
7.5
EPSS Score
0.0
Published
2021-05-11
In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.
CVSS Score
9.8
EPSS Score
0.0
Published
2021-05-11
In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS.
CVSS Score
7.5
EPSS Score
0.0
Published
2021-05-11