Jetbrains: Security Vulnerabilities
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-22
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-04-22
In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.
CVSS Score
9.8
EPSS Score
0.0
Published
2020-04-22
In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-22
In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.
CVSS Score
2.7
EPSS Score
0.0
Published
2020-04-22
JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-22
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-10
In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-02-21
In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-01-31
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
CVSS Score
5.4
EPSS Score
0.0
Published
2020-01-30