Jetbrains: Security Vulnerabilities
In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-08-08
In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-08-08
JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-08-08
In JetBrains Space through 2020-04-22, the session timeout period was configured improperly.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-22
In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.
CVSS Score
9.8
EPSS Score
0.0
Published
2020-04-22
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.
CVSS Score
4.9
EPSS Score
0.0
Published
2020-04-22
JetBrains Space through 2020-04-22 allows stored XSS in Chats.
CVSS Score
5.4
EPSS Score
0.0
Published
2020-04-22
In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-22
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
CVSS Score
2.7
EPSS Score
0.0
Published
2020-04-22
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-22