Jetbrains: Security Vulnerabilities
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-01-30
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.
CVSS Score
5.4
EPSS Score
0.0
Published
2020-01-27
JetBrains IDETalk plugin before version 193.4099.10 allows XXE
CVSS Score
7.5
EPSS Score
0.0
Published
2020-01-15
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
CVSS Score
5.4
EPSS Score
0.0
Published
2019-12-26
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-12-10
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
CVSS Score
7.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
CVSS Score
4.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31