Jetbrains: Security Vulnerabilities
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.
CVSS Score
7.5
EPSS Score
0.0
Published
2019-10-01
In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-01
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-01
JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-10-01
An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.
CVSS Score
7.5
EPSS Score
0.0
Published
2019-10-01
JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-10-01
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
CVSS Score
9.8
EPSS Score
0.002
Published
2019-10-01
JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection.
CVSS Score
5.9
EPSS Score
0.0
Published
2019-10-01
JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-10-01
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-09-05