JetBrains: Creators of IntelliJ IDEA, ReSharper, PyCharm, TeamCity, Kotlin


Products by JetBrains Sorted by Most Security Vulnerabilities since 2018

JetBrains TeamCity: 148 vulnerabilities
JetBrains YouTrack: 62 vulnerabilities
JetBrains IntelliJ IDEA: 46 vulnerabilities
JetBrains Hub: 25 vulnerabilities
JetBrains Ktor: 19 vulnerabilities
JetBrains Toolbox: 6 vulnerabilities
JetBrains Kotlin: 6 vulnerabilities
JetBrains Upsource: 5 vulnerabilities
JetBrains PyCharm: 5 vulnerabilities
JetBrains Rider: 4 vulnerabilities
JetBrains Code With Me: 3 vulnerabilities
JetBrains WebStorm: 3 vulnerabilities
JetBrains Space: 3 vulnerabilities
JetBrains PhpStorm: 3 vulnerabilities
JetBrains RubyMine: 2 vulnerabilities
JetBrains GoLand: 2 vulnerabilities
JetBrains ReSharper: 1 vulnerability
JetBrains MPS: 1 vulnerability
JetBrains Scala: 1 vulnerability
JetBrains Gateway: 1 vulnerability
JetBrains IDETalk: 1 vulnerability
JetBrains IdeaVim: 1 vulnerability
JetBrains Vim: 1 vulnerability
JetBrains dotPeek: 1 vulnerability
JetBrains CLion: 1 vulnerability

Known Exploited JetBrains Vulnerabilities

The following JetBrains vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title | Description | CVE | Added
JetBrains TeamCity Authentication Bypass Vulnerability | JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions. | CVE-2024-27198 | March 7, 2024
JetBrains TeamCity Authentication Bypass Vulnerability | JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server. | CVE-2023-42793 | October 4, 2023

By the Year

In 2024 there have been 14 vulnerabilities in JetBrains products, with an average score of 6.0 out of ten. Last year JetBrains had 53 security vulnerabilities published. Right now, JetBrains is on track to have fewer security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.54.

Year | Vulnerabilities | Average Score
2024 | 14 | 6.02
2023 | 53 | 6.56
2022 | 73 | 6.45
2021 | 88 | 6.66
2020 | 57 | 6.52
2019 | 57 | 7.08
2018 | 1 | 7.80

It may take a day or so for new JetBrains vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent JetBrains Security Vulnerabilities

CVE-2024-31135 | 6.1 - Medium | March 28, 2024 | Open Redirect
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page.

CVE-2024-31137 | 6.1 - Medium | March 28, 2024 | XSS
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration.

CVE-2024-31138 | 5.4 - Medium | March 28, 2024 | XSS
In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings.

CVE-2024-27198 | 9.8 - Critical | March 04, 2024
In JetBrains TeamCity before 2023.11.4 an authentication bypass allowing admin actions to be performed was possible.

CVE-2024-23917 | 9.8 - Critical | February 06, 2024 | Missing Authentication for Critical Function
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible.

CVE-2024-24936 | 5.3 - Medium | February 06, 2024
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missing.

CVE-2024-24937 | 5.4 - Medium | February 06, 2024 | XSS
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible.

CVE-2024-24938 | 5.3 - Medium | February 06, 2024 | Directory traversal
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation.

CVE-2024-24939 | 5.3 - Medium | February 06, 2024 | Insertion of Sensitive Information into Log File
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible.

CVE-2024-24941 | 5.3 - Medium | February 06, 2024 | Improper Input Validation
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL.

CVE-2024-24942 | 5.3 - Medium | February 06, 2024 | Directory traversal
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives.

CVE-2024-24943 | 5.5 - Medium | February 06, 2024 | Resource Exhaustion
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image.

CVE-2024-24940 | 4.3 - Medium | February 06, 2024 | Directory traversal
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives.

CVE-2024-22370 | 5.4 - Medium | January 09, 2024 | XSS
In JetBrains YouTrack before 2023.3.22666 stored XSS via Markdown was possible.

CVE-2023-51655 | 9.8 - Critical | December 21, 2023 | Insufficient Verification of Data Authenticity
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration.

CVE-2023-50870 | 8.8 - High | December 15, 2023 | Session Riding
In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible.

CVE-2023-50871 | 4.3 - Medium | December 15, 2023
In JetBrains YouTrack before 2023.3.22268 the authorization check for inline comments inside thread replies was missing.

CVE-2023-45612 | 9.8 - Critical | October 09, 2023 | XXE
In JetBrains Ktor before 2.3.5 the default configuration of ContentNegotiation with XML format was vulnerable to XXE.

CVE-2023-45613 | 9.1 - Critical | October 09, 2023 | Improper Certificate Validation
In JetBrains Ktor before 2.3.5 server certificates were not verified.

CVE-2023-42793 | 9.8 - Critical | September 19, 2023 | Authentication Bypass Using an Alternate Path or Channel
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible.

CVE-2023-43566 | 5.4 - Medium | September 19, 2023 | XSS
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration.

CVE-2023-41248 | 5.4 - Medium | August 25, 2023 | XSS
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration.

CVE-2023-41249 | 6.1 - Medium | August 25, 2023 | XSS
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying of a Build Step.

CVE-2023-41250 | 6.1 - Medium | August 25, 2023 | XSS
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration.

CVE-2023-39261 | 7.8 - High | July 26, 2023 | Execution with Unnecessary Privileges
In JetBrains IntelliJ IDEA before 2023.2 the plugin for Space was requesting excessive permissions.

CVE-2023-39173 | 8.8 - High | July 25, 2023 | Incorrect Privilege Assignment
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access.

CVE-2023-39174 | 7.5 - High | July 25, 2023 | ReDoS
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers.

CVE-2023-39175 | 6.1 - Medium | July 25, 2023 | XSS
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible.

CVE-2023-38068 | 7.3 - High | July 12, 2023 | Insufficient anti-automation
In JetBrains YouTrack before 2023.1.16597 the captcha was not properly validated for Helpdesk forms.

CVE-2023-38069 | 3.3 - Low | July 12, 2023 | Improper Check for Unusual or Exceptional Conditions
In JetBrains IntelliJ IDEA before 2023.1.4 the license dialog could be suppressed in certain cases.

CVE-2023-38063 | 5.4 - Medium | July 12, 2023 | XSS
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible.

CVE-2023-38064 | 6.5 - Medium | July 12, 2023 | Insertion of Sensitive Information into Log File
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log.

CVE-2023-38065 | 5.4 - Medium | July 12, 2023 | XSS
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible.

CVE-2023-38066 | 6.1 - Medium | July 12, 2023 | XSS
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads.

CVE-2023-38067 | 6.5 - Medium | July 12, 2023 | Insertion of Sensitive Information into Log File
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log.

CVE-2023-38061 | 5.4 - Medium | July 12, 2023 | XSS
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible.

CVE-2023-38062 | 6.5 - Medium | July 12, 2023
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations.

CVE-2015-1313 | 6.5 - Medium | June 29, 2023 | Forced browsing
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.

CVE-2023-35053 | 7.5 - High | June 12, 2023
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms.

CVE-2023-35054 | 5.4 - Medium | June 12, 2023 | XSS
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible.

CVE-2023-34339 | 3.3 - Low | June 01, 2023 | Generation of Error Message Containing Sensitive Information
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message.

CVE-2023-34228 | 6.5 - Medium | May 31, 2023 | Use of Single-factor Authentication
In JetBrains TeamCity before 2023.05 authentication checks were missing: 2FA was not checked for some sensitive account actions.

CVE-2023-34229 | 5.4 - Medium | May 31, 2023 | XSS
In JetBrains TeamCity before 2023.05 stored XSS in the GitLab Connection page was possible.

CVE-2023-34218 | 9.8 - Critical | May 31, 2023 | AuthZ
In JetBrains TeamCity before 2023.05 a bypass of permission checks allowing admin actions to be performed was possible.

CVE-2023-34219 | 4.3 - Medium | May 31, 2023 | AuthZ
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via the REST API.

CVE-2023-34220 | 5.4 - Medium | May 31, 2023 | XSS
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible.

CVE-2023-34221 | 5.4 - Medium | May 31, 2023 | XSS
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible.

CVE-2023-34222 | 6.1 - Medium | May 31, 2023 | XSS
In JetBrains TeamCity before 2023.05 XSS via the Plugin Vendor URL was possible.

CVE-2023-34223 | 5.3 - Medium | May 31, 2023 | Insertion of Sensitive Information into Log File
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases.

CVE-2023-34224 | 4.8 - Medium | May 31, 2023 | Open Redirect
In JetBrains TeamCity before 2023.05 open redirect during OAuth configuration was possible.

CVE-2023-34227 | 7.5 - High | May 31, 2023 | Exposed Dangerous Method or Function
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks.

CVE-2023-34225 | 5.4 - Medium | May 31, 2023 | XSS
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible.

CVE-2023-34226 | 6.1 - Medium | May 31, 2023 | XSS
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible.

CVE-2022-48476 | 7.5 - High | April 24, 2023 | Directory traversal
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible.

CVE-2022-48477 | 9.8 - Critical | April 24, 2023 | XSPA
In JetBrains Hub before 2023.1.15725 SSRF protection in the Auth Module integration was missing.

CVE-2022-48435 | 3.3 - Low | April 04, 2023 | Insertion of Sensitive Information into Log File
In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file.

CVE-2022-48430 | 7.5 - High | March 29, 2023
In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.

CVE-2022-48431 | 7.8 - High | March 29, 2023 | Insufficient Verification of Data Authenticity
In JetBrains IntelliJ IDEA before 2023.1, in some cases, Gradle and Maven projects could be imported without the Trust Project confirmation.

CVE-2022-48432 | 8.8 - High | March 29, 2023 | Insecure Default Initialization of Resource
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.

CVE-2022-48433 | 7.5 - High | March 29, 2023 | Insufficiently Protected Credentials
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.

CVE-2022-48427 | 5.4 - Medium | March 27, 2023 | XSS
In JetBrains TeamCity before 2022.10.3 stored XSS on the Pending Changes and Changes tabs was possible.

CVE-2022-48428 | 5.4 - Medium | March 27, 2023 | XSS
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible.

CVE-2022-48426 | 5.4 - Medium | March 27, 2023 | XSS
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible.

CVE-2022-48429 | 5.4 - Medium | March 27, 2023 | XSS
In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible.

CVE-2022-48342 | 9.8 - Critical | February 23, 2023 | Insecure Default Initialization of Resource
In JetBrains TeamCity before 2022.10.2 JVMTI was enabled by default on agents.

CVE-2022-48343 | 6.1 - Medium | February 23, 2023 | XSS
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

CVE-2022-48344 | 6.1 - Medium | February 23, 2023 | XSS
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.

CVE-2022-47896 | 7.8 - High | December 22, 2022 | Code Injection
In JetBrains IntelliJ IDEA before 2022.3.1 code templates were vulnerable to SSTI attacks.

CVE-2022-47895 | 7.5 - High | December 22, 2022 | Cleartext Transmission of Sensitive Information
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.

CVE-2022-46825 | 3.3 - Low | December 08, 2022 | Inadequate Encryption Strength
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.

CVE-2022-46826 | 5.5 - Medium | December 08, 2022 | Directory traversal
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.

CVE-2022-46827 | 5.5 - Medium | December 08, 2022 | XXE
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.

CVE-2022-46829 | 8.8 - High | December 08, 2022 | Authentication
In JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.

CVE-2022-46830 | 5.3 - Medium | December 08, 2022 | XSPA
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.

CVE-2022-46831 | 4.9 - Medium | December 08, 2022 | Insecure Default Initialization of Resource
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

CVE-2022-45471 | 7.5 - High | November 18, 2022 | Allocation of Resources Without Limits or Throttling
In JetBrains Hub before 2022.3.15181 throttling was missing when sending emails to a particular email address.

CVE-2022-44622 | 5.3 - Medium | November 03, 2022
In JetBrains TeamCity versions between 2021.2 and 2022.10 access permissions for secure token health items were excessive.

CVE-2022-44623 | 7.5 - High | November 03, 2022
In JetBrains TeamCity versions before 2022.10, a Project Viewer could see scrambled secure values in the MetaRunner settings.

CVE-2022-44624 | 7.5 - High | November 03, 2022 | Insertion of Sensitive Information into Log File
In JetBrains TeamCity versions before 2022.10, password parameters could be exposed in the build log if they contained special characters.

CVE-2022-44646 | 5.3 - Medium | November 03, 2022
In JetBrains TeamCity versions before 2022.10, no audit items were added upon editing a user's settings.

CVE-2022-40979 | 5.3 - Medium | September 23, 2022 | Insertion of Sensitive Information into Log File
In JetBrains TeamCity before 2022.04.4 environment variables of the "password" type could be logged when using a custom Perforce executable.

CVE-2022-40978 | 7.8 - High | September 19, 2022 | DLL preloading
The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking.

CVE-2022-38180 | 6.5 - Medium | August 12, 2022 | Authentication
In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases.

CVE-2022-38179 | 6.1 - Medium | August 12, 2022 | Incorrect Comparison
JetBrains Ktor before 2.1.0 was vulnerable to the Reflected File Download attack.

CVE-2022-38133 | 5.3 - Medium | August 10, 2022 | Insertion of Sensitive Information into Log File
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases.

CVE-2022-37396 | 7.8 - High | August 03, 2022
In JetBrains Rider before 2022.2 the Trust and Open Project dialog could be bypassed, leading to local code execution.

CVE-2022-37009 | 7.8 - High | July 28, 2022 | Code Injection
In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible.

CVE-2022-37010 | 3.3 - Low | July 28, 2022 | Improper Input Validation
In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missing.

CVE-2022-36321 | 6.5 - Medium | July 20, 2022 | Insertion of Sensitive Information into Log File
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases.

CVE-2022-36322 | 8.8 - High | July 20, 2022 | Argument Injection
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible.

CVE-2022-34894 | 5.3 - Medium | July 01, 2022
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services.

CVE-2022-29928 | 4.9 - Medium | May 12, 2022 | Insertion of Sensitive Information into Log File
In JetBrains TeamCity before 2022.04 a leak of secrets in TeamCity agent logs was possible.

CVE-2022-29930 | 4.9 - Medium | May 12, 2022 | Use of Insufficiently Random Values
The SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.

CVE-2022-29929 | 6.1 - Medium | May 12, 2022 | XSS
In JetBrains TeamCity before 2022.04 potential XSS via the Referer header was possible.

CVE-2022-29927 | 6.1 - Medium | May 12, 2022 | XSS
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible.

CVE-2022-29817 | 6.1 - Medium | April 28, 2022 | XSS
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in the internal web server was possible.

CVE-2022-29812 | 2.3 - Low | April 28, 2022
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about the use of Unicode directionality formatting characters were insufficient.

CVE-2022-29820 | 3.5 - Low | April 28, 2022 | Exposure of Resource to Wrong Sphere
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible.

CVE-2022-29818 | 7.1 - High | April 28, 2022 | Origin Validation Error
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed.

CVE-2022-29819 | 7.7 - High | April 28, 2022 | Code Injection
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).