Jetbrains: Security Vulnerabilities
In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-22
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
CVSS Score
2.7
EPSS Score
0.0
Published
2020-04-22
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-22
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-22
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-04-22
In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.
CVSS Score
9.8
EPSS Score
0.0
Published
2020-04-22
In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-22
In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.
CVSS Score
2.7
EPSS Score
0.0
Published
2020-04-22
JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-22
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-10