Jetbrains : Security Vulnerabilities, CVEs, Published In October 2019
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2019-11-01
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
Max CVSS
7.5
EPSS Score
0.09%
Published
2019-10-31
Updated
2020-08-24
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2019-11-04
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2019-11-04
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
Max CVSS
4.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2019-11-07
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
Max CVSS
9.8
EPSS Score
1.28%
Published
2019-10-31
Updated
2019-11-01
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2021-07-21
JetBrains MPS before 2019.2.2 exposed listening ports to the network.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2021-07-21
JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution.
Max CVSS
5.3
EPSS Score
0.04%
Published
2019-10-31
Updated
2020-08-24
In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2021-07-21
JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.
Max CVSS
7.3
EPSS Score
0.04%
Published
2019-10-02
Updated
2021-07-21
In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-10-02
Updated
2019-10-03
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.
Max CVSS
7.5
EPSS Score
0.08%
Published
2019-10-01
Updated
2019-10-07
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-10-01
Updated
2019-10-08
JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.
Max CVSS
8.8
EPSS Score
0.07%
Published
2019-10-02
Updated
2019-10-03
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
Max CVSS
9.8
EPSS Score
16.94%
Published
2019-10-01
Updated
2020-08-24
An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.
Max CVSS
7.5
EPSS Score
0.08%
Published
2019-10-01
Updated
2020-08-24
An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-10-02
Updated
2019-10-03
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
Max CVSS
9.0
EPSS Score
0.17%
Published
2019-10-02
Updated
2019-10-03
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
Max CVSS
4.9
EPSS Score
0.07%
Published
2019-10-01
Updated
2021-07-21
JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-10-01
Updated
2019-10-02
JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-10-01
Updated
2019-10-08
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.
Max CVSS
5.9
EPSS Score
0.17%
Published
2019-10-02
Updated
2021-07-21
JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation.
Max CVSS
7.5
EPSS Score
0.10%
Published
2019-10-02
Updated
2020-08-24
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-10-01
Updated
2019-10-08