Jetbrains: Security Vulnerabilities
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
CVSS Score
4.3
EPSS Score
0.0
Published
2025-07-28
In JetBrains YouTrack before 2025.2.86935,
2025.2.87167,
2025.3.87341,
2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
CVSS Score
6.1
EPSS Score
0.0
Published
2025-07-28
In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow
CVSS Score
5.4
EPSS Score
0.0
Published
2025-07-28
In JetBrains YouTrack before 2025.2.86069,
2024.3.85077,
2025.1.86199 email spoofing via an administrative API was possible
CVSS Score
7.6
EPSS Score
0.0
Published
2025-07-15
In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible
CVSS Score
5.4
EPSS Score
0.001
Published
2025-06-23
In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible
CVSS Score
5.4
EPSS Score
0.001
Published
2025-06-23
In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
CVSS Score
4.8
EPSS Score
0.0
Published
2025-06-23
In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions
CVSS Score
4.3
EPSS Score
0.0
Published
2025-06-23
In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
CVSS Score
4.8
EPSS Score
0.0
Published
2025-06-23
In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-20