Jetbrains: Security Vulnerabilities
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-08-08
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-08-08
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-08-08
In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-08-08
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-08-08
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-08-08
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-08-08
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-08-08
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-08-08
In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-08-08