Jetbrains: Security Vulnerabilities
In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-08-27
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-08-08
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-08-08
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-08-08
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-08-08
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-08-08
In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-08-08
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-08-08
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-08-08
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-08-08