Jetbrains: Security Vulnerabilities
JetBrains MPS before 2019.2.2 exposed listening ports to the network.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-10-31
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
CVSS Score
7.2
EPSS Score
0.0
Published
2019-10-02
An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-10-02
JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.
CVSS Score
8.8
EPSS Score
0.0
Published
2019-10-02
In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-10-02
JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.
CVSS Score
7.3
EPSS Score
0.0
Published
2019-10-02
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-10-02
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-02