JetBrains: Security Vulnerabilities, CVEs, CVSS score >= 4
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
Max CVSS
4.1
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector
Max CVSS
5.9
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings
Max CVSS
5.4
EPSS Score
0.07%
Published
2024-03-28
Updated
2024-04-08
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
Max CVSS
6.8
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-04-08
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
Max CVSS
7.4
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
Max CVSS
6.1
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-04-08
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process
Max CVSS
4.2
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-07
Updated
2024-03-07
In JetBrains YouTrack before 2024.1.25893 a user without appropriate permissions could restore issues and articles
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-07
Updated
2024-03-07
In JetBrains YouTrack before 2024.1.25893 creation of comments on behalf of an arbitrary user in HelpDesk was possible
Max CVSS
5.3
EPSS Score
0.04%
Published
2024-03-07
Updated
2024-03-07
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly
Max CVSS
5.8
EPSS Score
0.04%
Published
2024-03-06
Updated
2024-03-06
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-03-06
Updated
2024-03-06
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
Max CVSS
7.3
EPSS Score
0.90%
Published
2024-03-04
Updated
2024-03-11
CVE-2024-27198
Known exploited
Public exploit
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Max CVSS
9.8
EPSS Score
97.24%
Published
2024-03-04
Updated
2024-03-11
CISA KEV Added
2024-03-07
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-06
Updated
2024-02-09
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
Max CVSS
5.3
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-02-09
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-02-09
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
Max CVSS
4.3
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-02-07
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible
Max CVSS
5.3
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-02-09
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
Max CVSS
5.3
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-02-09
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible
Max CVSS
5.4
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-02-09
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed
Max CVSS
5.3
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-02-09
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-06
Updated
2024-02-09
In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible
Max CVSS
5.4
EPSS Score
0.05%
Published
2024-01-09
Updated
2024-01-12