JetBrains Upsource

Do you want an email whenever new security vulnerabilities are reported in JetBrains Upsource?

By the Year

In 2024 there have been 0 vulnerabilities in JetBrains Upsource . Upsource did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2024	0	0.00
2023	0	0.00
2022	0	0.00
2021	1	7.50
2020	1	7.50
2019	3	7.07
2018	0	0.00

It may take a day or so for new Upsource vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent JetBrains Upsource Security Vulnerabilities

In JetBrains UpSource before 2020.1.1883

CVE-2021-30482 7.5 - High - May 11, 2021

In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly

Improper Preservation of Permissions

In JetBrains Upsource before 2020.1, information disclosure is possible

CVE-2019-19704 7.5 - High - August 08, 2020

In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm.

Information Disclosure

Server metadata could be exposed

CVE-2019-12156 5.3 - Medium - October 02, 2019

Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293.

Generation of Error Message Containing Sensitive Information

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure

CVE-2019-12157 9.8 - Critical - October 02, 2019

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.

Improper Input Validation

JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments

CVE-2019-14961 6.1 - Medium - October 01, 2019

JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for JetBrains Upsource or by JetBrains? Click the Watch button to subscribe.

JetBrains
Vendor

JetBrains Upsource
Product

By the Year

Recent JetBrains Upsource Security Vulnerabilities

In JetBrains UpSource before 2020.1.1883 CVE-2021-30482 7.5 - High - May 11, 2021

In JetBrains Upsource before 2020.1, information disclosure is possible CVE-2019-19704 7.5 - High - August 08, 2020

Server metadata could be exposed CVE-2019-12156 5.3 - Medium - October 02, 2019

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure CVE-2019-12157 9.8 - Critical - October 02, 2019

JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments CVE-2019-14961 6.1 - Medium - October 01, 2019