JetBrains Creators of IntelliJ IDEA, ReSharper, PyCharm, TeamCity, Kotlin
Products by JetBrains Sorted by Most Security Vulnerabilities since 2018
Known Exploited JetBrains Vulnerabilities
The following JetBrains vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
JetBrains TeamCity Authentication Bypass Vulnerability | JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions. CVE-2024-27198 | March 7, 2024 |
JetBrains TeamCity Authentication Bypass Vulnerability | JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server. CVE-2023-42793 | October 4, 2023 |
By the Year
In 2024 there have been 14 vulnerabilities in JetBrains with an average score of 6.0 out of ten. Last year JetBrains had 53 security vulnerabilities published. Right now, JetBrains is on track to have fewer security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.54.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 14 | 6.02 |
2023 | 53 | 6.56 |
2022 | 73 | 6.45 |
2021 | 88 | 6.66 |
2020 | 57 | 6.52 |
2019 | 57 | 7.08 |
2018 | 1 | 7.80 |
It may take a day or so for new JetBrains vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent JetBrains Security Vulnerabilities
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
CVE-2024-31135
6.1 - Medium
- March 28, 2024
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
Open Redirect
In JetBrains TeamCity before 2024.03 reflected XSS was possible
CVE-2024-31137
6.1 - Medium
- March 28, 2024
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
XSS
In JetBrains TeamCity before 2024.03 XSS was possible
CVE-2024-31138
5.4 - Medium
- March 28, 2024
In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings
XSS
In JetBrains TeamCity before 2023.11.4 authentication bypass
CVE-2024-27198
9.8 - Critical
- March 04, 2024
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
CVE-2024-23917
9.8 - Critical
- February 06, 2024
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
Missing Authentication for Critical Function
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed
CVE-2024-24936
5.3 - Medium
- February 06, 2024
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed
In JetBrains TeamCity before 2023.11.2 stored XSS
CVE-2024-24937
5.4 - Medium
- February 06, 2024
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible
XSS
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
CVE-2024-24938
5.3 - Medium
- February 06, 2024
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
Directory traversal
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible
CVE-2024-24939
5.3 - Medium
- February 06, 2024
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible
Insertion of Sensitive Information into Log File
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL
CVE-2024-24941
5.3 - Medium
- February 06, 2024
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL
Improper Input Validation
In JetBrains TeamCity before 2023.11.3 path traversal
CVE-2024-24942
5.3 - Medium
- February 06, 2024
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
Directory traversal
In JetBrains Toolbox App before 2.2 a DoS attack was possible
CVE-2024-24943
5.5 - Medium
- February 06, 2024
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image
Resource Exhaustion
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
CVE-2024-24940
4.3 - Medium
- February 06, 2024
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
Directory traversal
In JetBrains YouTrack before 2023.3.22666 stored XSS
CVE-2024-22370
5.4 - Medium
- January 09, 2024
In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible
XSS
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode
CVE-2023-51655
9.8 - Critical
- December 21, 2023
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration
Insufficient Verification of Data Authenticity
In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible
CVE-2023-50870
8.8 - High
- December 15, 2023
In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible
Session Riding
In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed
CVE-2023-50871
4.3 - Medium
- December 15, 2023
In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
CVE-2023-45612
9.8 - Critical
- October 09, 2023
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
XXE
In JetBrains Ktor before 2.3.5 server certificates were not verified
CVE-2023-45613
9.1 - Critical
- October 09, 2023
In JetBrains Ktor before 2.3.5 server certificates were not verified
Improper Certificate Validation
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
CVE-2023-42793
9.8 - Critical
- September 19, 2023
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Authentication Bypass Using an Alternate Path or Channel
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration
CVE-2023-43566
5.4 - Medium
- September 19, 2023
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration
XSS
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
CVE-2023-41248
5.4 - Medium
- August 25, 2023
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
XSS
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step
CVE-2023-41249
6.1 - Medium
- August 25, 2023
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step
XSS
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration
CVE-2023-41250
6.1 - Medium
- August 25, 2023
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration
XSS
In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions
CVE-2023-39261
7.8 - High
- July 26, 2023
In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions
Execution with Unnecessary Privileges
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access
CVE-2023-39173
8.8 - High
- July 25, 2023
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access
Incorrect Privilege Assignment
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible
CVE-2023-39174
7.5 - High
- July 25, 2023
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers
ReDoS
In JetBrains TeamCity before 2023.05.2 reflected XSS
CVE-2023-39175
6.1 - Medium
- July 25, 2023
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible
XSS
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms
CVE-2023-38068
7.3 - High
- July 12, 2023
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms
Insufficient anti-automation
In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases
CVE-2023-38069
3.3 - Low
- July 12, 2023
In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases
Improper Check for Unusual or Exceptional Conditions
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
CVE-2023-38063
5.4 - Medium
- July 12, 2023
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
XSS
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
CVE-2023-38064
6.5 - Medium
- July 12, 2023
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
Insertion of Sensitive Information into Log File
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
CVE-2023-38065
5.4 - Medium
- July 12, 2023
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
XSS
In JetBrains TeamCity before 2023.05.1 reflected XSS
CVE-2023-38066
6.1 - Medium
- July 12, 2023
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
XSS
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
CVE-2023-38067
6.5 - Medium
- July 12, 2023
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
Insertion of Sensitive Information into Log File
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
CVE-2023-38061
5.4 - Medium
- July 12, 2023
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
XSS
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations
CVE-2023-38062
6.5 - Medium
- July 12, 2023
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files
CVE-2015-1313
6.5 - Medium
- June 29, 2023
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
forced browsing
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible
CVE-2023-35053
7.5 - High
- June 12, 2023
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible
CVE-2023-35054
5.4 - Medium
- June 12, 2023
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible
XSS
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
CVE-2023-34339
3.3 - Low
- June 01, 2023
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
Generation of Error Message Containing Sensitive Information
In JetBrains TeamCity before 2023.05 authentication checks were missing: 2FA was not checked for some sensitive account actions
CVE-2023-34228
6.5 - Medium
- May 31, 2023
In JetBrains TeamCity before 2023.05 authentication checks were missing: 2FA was not checked for some sensitive account actions
Use of Single-factor Authentication
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
CVE-2023-34229
5.4 - Medium
- May 31, 2023
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
XSS
In JetBrains TeamCity before 2023.05 bypass of permission checks
CVE-2023-34218
9.8 - Critical
- May 31, 2023
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
AuthZ
In JetBrains TeamCity before 2023.05 improper permission checks
CVE-2023-34219
4.3 - Medium
- May 31, 2023
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
AuthZ
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
CVE-2023-34220
5.4 - Medium
- May 31, 2023
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
XSS
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
CVE-2023-34221
5.4 - Medium
- May 31, 2023
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
XSS
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
CVE-2023-34222
6.1 - Medium
- May 31, 2023
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
XSS
In JetBrains TeamCity before 2023.05 parameters of the "password" type
CVE-2023-34223
5.3 - Medium
- May 31, 2023
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
Insertion of Sensitive Information into Log File
In JetBrains TeamCity before 2023.05 open redirect during OAuth configuration was possible
CVE-2023-34224
4.8 - Medium
- May 31, 2023
In JetBrains TeamCity before 2023.05 open redirect during OAuth configuration was possible
Open Redirect
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
CVE-2023-34227
7.5 - High
- May 31, 2023
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
Exposed Dangerous Method or Function
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
CVE-2023-34225
5.4 - Medium
- May 31, 2023
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
XSS
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
CVE-2023-34226
6.1 - Medium
- May 31, 2023
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
XSS
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
CVE-2022-48476
7.5 - High
- April 24, 2023
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
Directory traversal
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
CVE-2022-48477
9.8 - Critical
- April 24, 2023
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
XSPA
In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file
CVE-2022-48435
3.3 - Low
- April 04, 2023
In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file
Insertion of Sensitive Information into Log File
In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed
CVE-2022-48430
7.5 - High
- March 29, 2023
In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.
In JetBrains IntelliJ IDEA before 2023.1 in some cases
CVE-2022-48431
7.8 - High
- March 29, 2023
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the Trust Project confirmation.
Insufficient Verification of Data Authenticity
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.
CVE-2022-48432
8.8 - High
- March 29, 2023
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.
Insecure Default Initialization of Resource
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.
CVE-2022-48433
7.5 - High
- March 29, 2023
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.
Insufficiently Protected Credentials
In JetBrains TeamCity before 2022.10.3 stored XSS on Pending changes and Changes tabs was possible
CVE-2022-48427
5.4 - Medium
- March 27, 2023
In JetBrains TeamCity before 2022.10.3 stored XSS on Pending changes and Changes tabs was possible
XSS
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible
CVE-2022-48428
5.4 - Medium
- March 27, 2023
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible
XSS
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
CVE-2022-48426
5.4 - Medium
- March 27, 2023
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
XSS
In JetBrains Hub before 2022.3.15573
CVE-2022-48429
5.4 - Medium
- March 27, 2023
In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
XSS
In JetBrains TeamCity before 2022.10.2 JVMTI was enabled by default on agents.
CVE-2022-48342
9.8 - Critical
- February 23, 2023
In JetBrains TeamCity before 2022.10.2 JVMTI was enabled by default on agents.
Insecure Default Initialization of Resource
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
CVE-2022-48343
6.1 - Medium
- February 23, 2023
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
XSS
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
CVE-2022-48344
6.1 - Medium
- February 23, 2023
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
XSS
In JetBrains IntelliJ IDEA before 2022.3.1 code templates were vulnerable to SSTI attacks.
CVE-2022-47896
7.8 - High
- December 22, 2022
In JetBrains IntelliJ IDEA before 2022.3.1 code templates were vulnerable to SSTI attacks.
Code Injection
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.
CVE-2022-47895
7.5 - High
- December 22, 2022
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.
Cleartext Transmission of Sensitive Information
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.
CVE-2022-46825
3.3 - Low
- December 08, 2022
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.
Inadequate Encryption Strength
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server
CVE-2022-46826
5.5 - Medium
- December 08, 2022
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.
Directory traversal
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF
CVE-2022-46827
5.5 - Medium
- December 08, 2022
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.
XXE
In JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.
CVE-2022-46829
8.8 - High
- December 08, 2022
In JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.
authentication
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint
CVE-2022-46830
5.3 - Medium
- December 08, 2022
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
XSPA
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain"
CVE-2022-46831
4.9 - Medium
- December 08, 2022
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
Insecure Default Initialization of Resource
In JetBrains Hub before 2022.3.15181 throttling was missed when sending emails to a particular email address
CVE-2022-45471
7.5 - High
- November 18, 2022
In JetBrains Hub before 2022.3.15181 throttling was missed when sending emails to a particular email address
Allocation of Resources Without Limits or Throttling
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
CVE-2022-44622
5.3 - Medium
- November 03, 2022
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
In JetBrains TeamCity version before 2022.10
CVE-2022-44623
7.5 - High
- November 03, 2022
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings
In JetBrains TeamCity version before 2022.10
CVE-2022-44624
7.5 - High
- November 03, 2022
In JetBrains TeamCity version before 2022.10, password parameters could be exposed in the build log if they contained special characters
Insertion of Sensitive Information into Log File
In JetBrains TeamCity version before 2022.10
CVE-2022-44646
5.3 - Medium
- November 03, 2022
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings
In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable
CVE-2022-40979
5.3 - Medium
- September 23, 2022
In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable
Insertion of Sensitive Information into Log File
The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking
CVE-2022-40978
7.8 - High
- September 19, 2022
The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking
DLL preloading
In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases
CVE-2022-38180
6.5 - Medium
- August 12, 2022
In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases
authentication
JetBrains Ktor before 2.1.0 was vulnerable to the Reflected File Download attack
CVE-2022-38179
6.1 - Medium
- August 12, 2022
JetBrains Ktor before 2.1.0 was vulnerable to the Reflected File Download attack
Incorrect Comparison
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases
CVE-2022-38133
5.3 - Medium
- August 10, 2022
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases
Insertion of Sensitive Information into Log File
In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed
CVE-2022-37396
7.8 - High
- August 03, 2022
In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution
In JetBrains IntelliJ IDEA before 2022.2 local code execution
CVE-2022-37009
7.8 - High
- July 28, 2022
In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible
Code Injection
In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed
CVE-2022-37010
3.3 - Low
- July 28, 2022
In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed
Improper Input Validation
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases
CVE-2022-36321
6.5 - Medium
- July 20, 2022
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases
Insertion of Sensitive Information into Log File
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible
CVE-2022-36322
8.8 - High
- July 20, 2022
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible
Argument Injection
In JetBrains Hub before 2022.2.14799, insufficient access control
CVE-2022-34894
5.3 - Medium
- July 01, 2022
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible
CVE-2022-29928
4.9 - Medium
- May 12, 2022
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible
Insertion of Sensitive Information into Log File
SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value
CVE-2022-29930
4.9 - Medium
- May 12, 2022
SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.
Use of Insufficiently Random Values
In JetBrains TeamCity before 2022.04 potential XSS
CVE-2022-29929
6.1 - Medium
- May 12, 2022
In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible
XSS
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible
CVE-2022-29927
6.1 - Medium
- May 12, 2022
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible
XSS
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS
CVE-2022-29817
6.1 - Medium
- April 28, 2022
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible
XSS
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient
CVE-2022-29812
2.3 - Low
- April 28, 2022
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible
CVE-2022-29820
3.5 - Low
- April 28, 2022
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible
Exposure of Resource to Wrong Sphere
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed
CVE-2022-29818
7.1 - High
- April 28, 2022
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed
Origin Validation Error