Jetbrains : Security Vulnerabilities
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration
| Max Base Score | 5.4 |
| Published | 2023-09-19 |
| Updated | 2023-09-21 |
| EPSS | 0.05% |
CVE-2023-42793
Public exploit exists
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
| Max Base Score | 9.8 |
| Published | 2023-09-19 |
| Updated | 2023-10-02 |
| EPSS | 68.16% |
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration
| Max Base Score | 6.1 |
| Published | 2023-08-25 |
| Updated | 2023-08-28 |
| EPSS | 0.05% |
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step
| Max Base Score | 6.1 |
| Published | 2023-08-25 |
| Updated | 2023-08-28 |
| EPSS | 0.05% |
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
| Max Base Score | 5.4 |
| Published | 2023-08-25 |
| Updated | 2023-08-28 |
| EPSS | 0.05% |
In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions
| Max Base Score | 7.8 |
| Published | 2023-07-26 |
| Updated | 2023-08-02 |
| EPSS | 0.04% |
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible
| Max Base Score | 6.1 |
| Published | 2023-07-25 |
| Updated | 2023-08-01 |
| EPSS | 0.05% |
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers
| Max Base Score | 7.5 |
| Published | 2023-07-25 |
| Updated | 2023-08-01 |
| EPSS | 0.05% |
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access
| Max Base Score | 8.8 |
| Published | 2023-07-25 |
| Updated | 2023-08-01 |
| EPSS | 0.05% |
In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases
| Max Base Score | 3.3 |
| Published | 2023-07-12 |
| Updated | 2023-07-20 |
| EPSS | 0.04% |
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms
| Max Base Score | 7.3 |
| Published | 2023-07-12 |
| Updated | 2023-07-20 |
| EPSS | 0.05% |
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
| Max Base Score | 6.5 |
| Published | 2023-07-12 |
| Updated | 2023-07-20 |
| EPSS | 0.05% |
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
| Max Base Score | 6.1 |
| Published | 2023-07-12 |
| Updated | 2023-07-20 |
| EPSS | 0.05% |
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
| Max Base Score | 5.4 |
| Published | 2023-07-12 |
| Updated | 2023-07-20 |
| EPSS | 0.05% |
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
| Max Base Score | 6.5 |
| Published | 2023-07-12 |
| Updated | 2023-07-20 |
| EPSS | 0.05% |
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
| Max Base Score | 5.4 |
| Published | 2023-07-12 |
| Updated | 2023-07-20 |
| EPSS | 0.05% |
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations
| Max Base Score | 6.5 |
| Published | 2023-07-12 |
| Updated | 2023-07-20 |
| EPSS | 0.05% |
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
| Max Base Score | 5.4 |
| Published | 2023-07-12 |
| Updated | 2023-07-20 |
| EPSS | 0.05% |
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible
| Max Base Score | 5.4 |
| Published | 2023-06-12 |
| Updated | 2023-06-16 |
| EPSS | 0.05% |
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms
| Max Base Score | 7.5 |
| Published | 2023-06-12 |
| Updated | 2023-06-16 |
| EPSS | 0.05% |
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
| Max Base Score | 3.3 |
| Published | 2023-06-01 |
| Updated | 2023-06-08 |
| EPSS | 0.04% |
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
| Max Base Score | 5.4 |
| Published | 2023-05-31 |
| Updated | 2023-06-07 |
| EPSS | 0.05% |
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
| Max Base Score | 6.5 |
| Published | 2023-05-31 |
| Updated | 2023-06-07 |
| EPSS | 0.05% |
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
| Max Base Score | 7.5 |
| Published | 2023-05-31 |
| Updated | 2023-06-02 |
| EPSS | 0.09% |
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
| Max Base Score | 6.1 |
| Published | 2023-05-31 |
| Updated | 2023-06-02 |
| EPSS | 0.05% |