Jetbrains : Security Vulnerabilities, CVEs, Published In 2019
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
Max CVSS
6.1
EPSS Score
0.11%
Published
2019-12-10
Updated
2019-12-13
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
Max CVSS
5.4
EPSS Score
0.13%
Published
2019-12-26
Updated
2020-08-24
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2019-11-01
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
Max CVSS
7.5
EPSS Score
0.09%
Published
2019-10-31
Updated
2020-08-24
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2019-11-04
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2019-11-04
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
Max CVSS
4.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2019-11-07
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
Max CVSS
9.8
EPSS Score
1.28%
Published
2019-10-31
Updated
2019-11-01
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2021-07-21
JetBrains MPS before 2019.2.2 exposed listening ports to the network.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2021-07-21
JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution.
Max CVSS
5.3
EPSS Score
0.04%
Published
2019-10-31
Updated
2020-08-24
In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2021-07-21
JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.
Max CVSS
7.3
EPSS Score
0.04%
Published
2019-10-02
Updated
2021-07-21
In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-10-02
Updated
2019-10-03
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.
Max CVSS
6.1
EPSS Score
0.14%
Published
2019-09-05
Updated
2019-09-18
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.
Max CVSS
7.5
EPSS Score
0.08%
Published
2019-10-01
Updated
2019-10-07
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-10-01
Updated
2019-10-08
JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.
Max CVSS
8.8
EPSS Score
0.07%
Published
2019-10-02
Updated
2019-10-03
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
Max CVSS
9.8
EPSS Score
16.94%
Published
2019-10-01
Updated
2020-08-24
An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.
Max CVSS
7.5
EPSS Score
0.08%
Published
2019-10-01
Updated
2020-08-24
An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-10-02
Updated
2019-10-03
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
Max CVSS
9.0
EPSS Score
0.17%
Published
2019-10-02
Updated
2019-10-03
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
Max CVSS
4.9
EPSS Score
0.07%
Published
2019-10-01
Updated
2021-07-21
JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-10-01
Updated
2019-10-02
JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-10-01
Updated
2019-10-08