Jetbrains: Security Vulnerabilities
In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-02-03
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-02-03
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-11-16
JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-11-16
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-11-16
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-11-16
JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-11-16
In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-11-16
JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-11-16
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-11-16