Jetbrains: Security Vulnerabilities
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
CVSS Score
5.4
EPSS Score
0.0
Published
2019-12-26
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-12-10
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
CVSS Score
7.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
CVSS Score
4.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
JetBrains MPS before 2019.2.2 exposed listening ports to the network.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31