JetBrains: Security Vulnerabilities Published in 2019 (CVEdetails.com listing)

Each entry below gives: CVE ID; CWE ID (with the CWE name); vulnerability type(s) where the source tags one; publish and update dates; CVSS v2 base score; and the CVSS v2 components as listed on the source page: gained access level, access vector (Remote or Local), access complexity, authentication, and confidentiality / integrity / availability impact. The "# of Exploits" column is empty for every entry and is omitted. A "???" in the authentication field is reproduced exactly as the source page shows it.
1. CVE-2019-19703 | CWE-601 (URL redirection to untrusted site) | published 2019-12-10, updated 2019-12-13 | CVSS v2 5.8
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: None
   In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
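The Ktor entry above is an instance of a general HTTP-client bug: after following a redirect, the client keeps sending the Authorization header to whatever host the Location header names, so a server that can issue a redirect (or an attacker who controls one hop) receives the credential. The block below is an added example, not Ktor code, showing a redirect-following loop in the leaky form and with the usual remediation used by mainstream clients: drop the header when the redirect target's origin differs from the current request's origin. The redirect map, hostnames and token are constructed for the example.

```python
from urllib.parse import urljoin, urlsplit

# Constructed redirect chain standing in for a server's responses:
# request URL -> Location header it answers with. The second hop leaves
# the API's origin. Hostnames are placeholders, not real services.
REDIRECTS = {
    "https://api.example.com/login": "https://api.example.com/v2/login",
    "https://api.example.com/v2/login": "https://cdn.attacker.example/collect",
}


def origin(url):
    """(scheme, host, port) with the default port filled in, so that
    https://h and https://h:443 compare as the same origin."""
    p = urlsplit(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.scheme, (p.hostname or "").lower(), port)


def follow(url, headers, strip_cross_origin, max_hops=5):
    """Follow redirects from REDIRECTS and record (url, headers sent) per hop.

    strip_cross_origin=False reproduces the bug class: the Authorization
    header rides along to every Location the server names.
    strip_cross_origin=True drops it as soon as the origin changes, while
    same-origin redirects (e.g. /login -> /v2/login) keep it.
    """
    sent = dict(headers)
    hops = []
    for _ in range(max_hops):
        hops.append((url, dict(sent)))
        if url not in REDIRECTS:
            return hops
        target = urljoin(url, REDIRECTS[url])  # Location may be relative
        if strip_cross_origin and origin(target) != origin(url):
            sent.pop("Authorization", None)
        url = target
    raise RuntimeError("redirect loop or too many hops")


def hosts_receiving_auth(url, headers, strip_cross_origin):
    """Hostnames that were sent an Authorization header during the chain."""
    return [urlsplit(u).hostname
            for u, h in follow(url, headers, strip_cross_origin)
            if "Authorization" in h]


if __name__ == "__main__":
    creds = {"Authorization": "Bearer constructed-token"}
    start = "https://api.example.com/login"
    print("leaky client  :", hosts_receiving_auth(start, creds, False))
    print("hardened client:", hosts_receiving_auth(start, creds, True))
```

The comparison is on the full origin, not just the hostname: a downgrade redirect from https://api.example.com to http://api.example.com also changes the origin and should also drop the credential.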
2. CVE-2019-19389 | CWE-74 (injection) | type: HTTP response splitting | published 2019-12-26, updated 2020-08-24 | CVSS v2 3.5
   Gained access: None | Remote, Medium complexity, authentication: ??? | Conf: None, Integ: Partial, Avail: None
   JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
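Response splitting happens when a server copies user-controlled text into a response header without rejecting CR and LF, so the attacker can terminate the header block and append headers, or an entire second response, that a proxy or browser will parse. The block below is an added illustration of the bug class, not Ktor's code and not the specific Ktor flaw: a redirect built by string concatenation next to a header builder that enforces RFC 7230 token names and refuses control characters in values. The attacker payload is constructed and is shown already URL-decoded, as it would be after a framework parses the query string.

```python
import re

# RFC 7230 token characters, the only ones legal in a header field name.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Every control character except HTAB is illegal in a field value; CR and LF
# are the two that split the response.
_BAD_VALUE_CHAR = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


def vulnerable_redirect(location):
    """The response-splitting sink: a user-supplied URL copied straight into
    the Location header. Intentionally unsafe."""
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {location}\r\n"
            "Content-Length: 0\r\n"
            "\r\n")


def header_line(name, value):
    """Build one header line, refusing anything that could break framing."""
    if not _TOKEN.fullmatch(name):
        raise ValueError(f"illegal header name: {name!r}")
    if _BAD_VALUE_CHAR.search(value):
        raise ValueError("CR, LF or control character in header value")
    return f"{name}: {value}\r\n"


def safe_redirect(location):
    return ("HTTP/1.1 302 Found\r\n"
            + header_line("Location", location)
            + header_line("Content-Length", "0")
            + "\r\n")


def header_names(raw_response):
    """Header names of the *first* response in raw_response, i.e. what a
    downstream proxy or browser would attribute to this reply."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


# Constructed attacker input: ends the Location header, injects a cookie,
# closes the header block and starts a second, fully attacker-controlled reply.
PAYLOAD = ("/home\r\n"
           "Set-Cookie: session=attacker\r\n"
           "\r\n"
           "HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nowned")

if __name__ == "__main__":
    print("vulnerable:", header_names(vulnerable_redirect(PAYLOAD)))
    try:
        safe_redirect(PAYLOAD)
    except ValueError as e:
        print("hardened  :", e)
```

The check has to run on the decoded value: rejecting the literal "%0d%0a" in a query string is not enough if a later layer decodes it before the header is emitted.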
3. CVE-2019-18369 | CWE-276 (incorrect default permissions) | published 2019-10-31, updated 2019-11-01 | CVSS v2 5.0
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: None, Integ: Partial, Avail: None
   In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
4. CVE-2019-18368 | no CWE assigned | published 2019-10-31, updated 2020-08-24 | CVSS v2 7.5
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: Partial
   In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
5. CVE-2019-18367 | CWE-276 (incorrect default permissions) | published 2019-10-31, updated 2019-11-04 | CVSS v2 5.0
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: None, Integ: Partial, Avail: None
   In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
6. CVE-2019-18366 | CWE-276 (incorrect default permissions) | published 2019-10-31, updated 2019-11-04 | CVSS v2 5.0
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: Partial, Integ: None, Avail: None
   In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
7. CVE-2019-18365 | no CWE assigned | published 2019-10-31, updated 2019-11-07 | CVSS v2 4.3
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: Partial, Integ: None, Avail: None
   In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
8. CVE-2019-18364 | CWE-502 (deserialization of untrusted data) | type: code execution | published 2019-10-31, updated 2019-11-01 | CVSS v2 7.5
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: Partial
   In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
9. CVE-2019-18363 | CWE-200 (information exposure) | type: information disclosure | published 2019-10-31, updated 2019-11-01 | CVSS v2 5.0
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: Partial, Integ: None, Avail: None
   In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
10. CVE-2019-18362 | CWE-200 (information exposure) | type: information disclosure | published 2019-10-31, updated 2019-11-05 | CVSS v2 5.0
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: Partial, Integ: None, Avail: None
   JetBrains MPS before 2019.2.2 exposed listening ports to the network.
11. CVE-2019-18361 | no CWE assigned | type: code execution | published 2019-10-31, updated 2020-08-24 | CVSS v2 4.6
   Gained access: None | Local, Low complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: Partial
   JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution.
12. CVE-2019-18360 | CWE-200 (information exposure) | type: information disclosure | published 2019-10-31, updated 2019-11-05 | CVSS v2 5.0
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: Partial, Integ: None, Avail: None
   In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
13. CVE-2019-16407 | CWE-426 (untrusted search path) | published 2019-10-02, updated 2019-10-09 | CVSS v2 4.4
   Gained access: None | Local, Medium complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: Partial
   JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.
14. CVE-2019-16171 | CWE-79 (cross-site scripting) | type: XSS | published 2019-10-02, updated 2019-10-03 | CVSS v2 4.3
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: None, Integ: Partial, Avail: None
   In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.
15. CVE-2019-15848 | CWE-79 (cross-site scripting) | type: XSS | published 2019-09-05, updated 2019-09-18 | CVSS v2 4.3
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: None, Integ: Partial, Avail: None
   JetBrains TeamCity 2019.1 and 2019.1.1 allow cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.
16. CVE-2019-15042 | CWE-295 (improper certificate validation) | published 2019-10-01, updated 2019-10-07 | CVSS v2 5.0
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: None, Integ: Partial, Avail: None
   An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.
17. CVE-2019-15041 | CWE-601 (URL redirection to untrusted site) | published 2019-10-01, updated 2019-10-08 | CVSS v2 5.8
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: None
   JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.
18. CVE-2019-15040 | CWE-352 (cross-site request forgery) | type: CSRF | published 2019-10-02, updated 2019-10-03 | CVSS v2 6.8
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: Partial
   JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.
19. CVE-2019-15039 | CWE-22 (path traversal) | types: code execution, directory traversal | published 2019-10-01, updated 2020-08-24 | CVSS v2 6.8
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: Partial
   An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
20. CVE-2019-15038 | no CWE assigned | published 2019-10-01, updated 2020-08-24 | CVSS v2 5.0
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: None, Integ: Partial, Avail: None
   An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.
21. CVE-2019-15037 | CWE-79 (cross-site scripting) | type: XSS | published 2019-10-02, updated 2019-10-03 | CVSS v2 4.3
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: None, Integ: Partial, Avail: None
   An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.
22. CVE-2019-15036 | CWE-78 (OS command injection) | type: code execution | published 2019-10-02, updated 2019-10-03 | CVSS v2 9.0
   Gained access: None | Remote, Low complexity, authentication: ??? | Conf: Complete, Integ: Complete, Avail: Complete
   An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
23. CVE-2019-15035 | CWE-200 (information exposure) | type: information disclosure | published 2019-10-01, updated 2019-10-08 | CVSS v2 4.0
   Gained access: None | Remote, Low complexity, authentication: ??? | Conf: Partial, Integ: None, Avail: None
   An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
24. CVE-2019-14961 | CWE-79 (cross-site scripting) | type: XSS | published 2019-10-01, updated 2019-10-02 | CVSS v2 4.3
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: None, Integ: Partial, Avail: None
   JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in code block comments, leading to XSS.
25. CVE-2019-14960 | CWE-426 (untrusted search path) | published 2019-10-01, updated 2019-10-08 | CVSS v2 4.6
   Gained access: None | Local, Low complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: Partial
   JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file.
26. CVE-2019-14959 | CWE-311 (missing encryption of sensitive data) | published 2019-10-02, updated 2019-10-04 | CVSS v2 4.3
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: Partial, Integ: None, Avail: None
   JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.
27. CVE-2019-14958 | CWE-770 (allocation of resources without limits or throttling) | published 2019-10-02, updated 2020-08-24 | CVSS v2 5.0
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: None, Integ: None, Avail: Partial
   JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation.
28. CVE-2019-14957 | CWE-922 (insecure storage of sensitive information) | published 2019-10-01, updated 2019-10-08 | CVSS v2 5.0
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: Partial, Integ: None, Avail: None
   The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This XML file could be synchronized to a publicly accessible GitHub repository.
29. CVE-2019-14956 | CWE-281 (improper preservation of permissions) | published 2019-10-02, updated 2019-10-03 | CVSS v2 4.0
   Gained access: None | Remote, Low complexity, authentication: ??? | Conf: Partial, Integ: None, Avail: None
   JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without the necessary permissions to get other project names.
30. CVE-2019-14955 | CWE-640 (weak password recovery mechanism) | published 2019-10-01, updated 2019-10-08 | CVSS v2 5.0
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: None, Integ: Partial, Avail: None
   In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.
31. CVE-2019-14954 | CWE-311 (missing encryption of sensitive data) | published 2019-10-01, updated 2019-10-08 | CVSS v2 4.3
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: Partial, Integ: None, Avail: None
   JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection.
32. CVE-2019-14952 | CWE-79 (cross-site scripting) | type: XSS | published 2019-10-01, updated 2019-10-02 | CVSS v2 4.3
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: None, Integ: Partial, Avail: None
   JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles.
33. CVE-2019-12867 | no CWE assigned | published 2019-07-03, updated 2020-08-24 | CVSS v2 7.5
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: Partial
   Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
34. CVE-2019-12866 | CWE-639 (authorization bypass through user-controlled key) | type: bypass | published 2019-07-03, updated 2020-08-24 | CVSS v2 7.5
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: Partial
   An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
35. CVE-2019-12852 | CWE-918 (server-side request forgery) | published 2019-07-03, updated 2019-07-10 | CVSS v2 7.5
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: Partial
   An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.
36. CVE-2019-12851 | CWE-352 (cross-site request forgery) | type: CSRF | published 2019-07-03, updated 2019-07-10 | CVSS v2 6.8
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: Partial
   A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852.
37. CVE-2019-12850 | CWE-89 (SQL injection) | type: SQL injection | published 2019-07-03, updated 2019-07-10 | CVSS v2 7.5
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: Partial
   A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.
38. CVE-2019-12847 | CWE-522 (insufficiently protected credentials) | published 2019-07-03, updated 2020-08-24 | CVSS v2 4.0
   Gained access: None | Remote, Low complexity, authentication: ??? | Conf: Partial, Integ: None, Avail: None
   In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period.
39. CVE-2019-12846 | no CWE assigned | published 2019-07-03, updated 2020-08-24 | CVSS v2 4.0
   Gained access: None | Remote, Low complexity, authentication: ??? | Conf: None, Integ: Partial, Avail: None
   A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.
40. CVE-2019-12845 | CWE-287 (improper authentication) | published 2019-07-03, updated 2020-08-24 | CVSS v2 5.0
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: None, Integ: Partial, Avail: None
   The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.
41. CVE-2019-12844 | CWE-94 (code injection) | published 2019-07-03, updated 2020-08-24 | CVSS v2 4.3
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: None, Integ: Partial, Avail: None
   A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3.
42. CVE-2019-12843 | CWE-94 (code injection) | published 2019-07-03, updated 2020-08-24 | CVSS v2 4.3
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: None, Integ: Partial, Avail: None
   A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3.
43. CVE-2019-12842 | CWE-79 (cross-site scripting) | type: XSS | published 2019-07-03, updated 2019-07-05 | CVSS v2 4.3
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: None, Integ: Partial, Avail: None
   A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2.
44. CVE-2019-12841 | CWE-20 (improper input validation) | published 2019-07-03, updated 2019-07-09 | CVSS v2 5.0
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: None, Integ: Partial, Avail: None
   Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.
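The advisory above does not say which part of the ZIP input was mishandled. The input that most often goes wrong in archive extraction is the entry name: an archive entry called "../../.ssh/authorized_keys" written with a plain join of destination directory and name lands outside the destination ("zip slip"). The block below is an added example, not TeamCity code and not a reconstruction of this CVE, showing the naive target computation beside an extractor that resolves each target and rejects any that does not stay under the destination. The archive contents are constructed in memory; the example assumes a POSIX path layout.

```python
import io
import os
import tempfile
import zipfile


def build_constructed_zip() -> bytes:
    """Constructed archive: one legitimate entry and one entry whose name
    climbs out of the extraction directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("build/output.txt", "ok")
        z.writestr("../../.ssh/authorized_keys", "ssh-ed25519 AAAA...constructed")
    return buf.getvalue()


def naive_target(dest_dir, member_name):
    """What an extractor that simply joins dest and name would write to.
    This is the bug class; it is here only to show where the write lands."""
    return os.path.normpath(os.path.join(dest_dir, member_name))


def safe_target(dest_dir, member_name):
    """Resolved path for member_name under dest_dir, or None if it escapes.

    realpath() is applied to both sides so a symlinked destination still
    compares equal to itself and a symlink planted by an earlier member is
    followed before the check; commonpath() rather than startswith() means
    '/srv/extract2' is not accepted as being inside '/srv/extract'.
    os.path.join() discards dest_dir when member_name is absolute, so
    absolute names fail the same check.
    """
    dest = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest, member_name))
    if os.path.commonpath([dest, target]) != dest:
        return None
    return target


def safe_extract(zip_bytes, dest_dir):
    """Extract members that resolve inside dest_dir; skip and report the rest.
    Returns (written paths relative to dest_dir, rejected member names)."""
    written, rejected = [], []
    root = os.path.realpath(dest_dir)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        for info in z.infolist():
            target = safe_target(dest_dir, info.filename)
            if target is None:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with z.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.relpath(target, root))
    return written, rejected


def demo():
    """Extract the constructed archive into a fresh temporary directory."""
    dest = tempfile.mkdtemp(prefix="zipslip-demo-")
    return safe_extract(build_constructed_zip(), dest)


if __name__ == "__main__":
    print("naive write would land at:", naive_target("/srv/extract", "../../.ssh/authorized_keys"))
    print("safe extractor:", demo())
```

Entry names are only one of the inputs worth bounding; the same loop should also cap total uncompressed size and entry count before trusting the archive's own headers.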
45. CVE-2019-12737 | CWE-916 (password hash with insufficient computational effort) | published 2019-10-02, updated 2019-10-08 | CVSS v2 5.0
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: Partial, Integ: None, Avail: None
   UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
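A predictable (shared or derivable) salt defeats the purpose of salting: identical passwords produce identical digests, and an attacker who learns the salt can build one precomputed table that cracks every user in a single pass. The block below is an added example, not Ktor's UserHashedTableAuth, contrasting a fixed-salt SHA-256 with a per-user random salt and a deliberately slow KDF (PBKDF2-HMAC-SHA256 from the standard library), and showing the one-table attack against the weak form. The user table, passwords, salt constant and iteration count are constructed or placeholder values.

```python
import hashlib
import hmac
import os

# The "predictable salt" pattern: one constant shared by every user.
FIXED_SALT = b"constructed-fixed-salt"


def weak_hash(password: str) -> str:
    """Single SHA-256 over a fixed salt: fast to compute, and identical
    for identical passwords across users."""
    return hashlib.sha256(FIXED_SALT + password.encode()).hexdigest()


def crack_all_weak(stored: dict, wordlist: list) -> dict:
    """With a shared salt, one table built from the wordlist is enough to
    recover every user whose password is in it. Returns {user: password}."""
    table = {weak_hash(w): w for w in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


ITERATIONS = 200_000  # placeholder; tune to the login path's latency budget


def strong_hash(password: str, salt: bytes = None) -> str:
    """PBKDF2-HMAC-SHA256 with a fresh 16-byte random salt per user, stored
    alongside the digest in a self-describing string."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(stored: str, password: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


# Constructed user table: two users happen to share a password.
USERS = {"alice": "Winter2019!", "bob": "Winter2019!", "carol": "xq7#Lm2$vR9pWz"}
WORDLIST = ["password", "123456", "Winter2019!", "letmein"]

if __name__ == "__main__":
    weak_store = {u: weak_hash(p) for u, p in USERS.items()}
    print("alice == bob under fixed salt:", weak_store["alice"] == weak_store["bob"])
    print("cracked with one table:", crack_all_weak(weak_store, WORDLIST))
    a, b = strong_hash(USERS["alice"]), strong_hash(USERS["bob"])
    print("alice == bob under random salt:", a == b)
    print("verify alice:", verify(a, "Winter2019!"), verify(a, "wrong"))
```

The stored string carries its own salt and iteration count so the parameters can be raised later and old records re-hashed on the user's next successful login.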
46. CVE-2019-12736 | CWE-77 (command injection) | published 2019-10-02, updated 2020-08-24 | CVSS v2 7.5
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: Partial
   JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.
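An unsanitized username reaching an LDAP search filter is the usual shape of this bug class: the characters "(", ")", "*", "\" and NUL have structural meaning inside a filter, so a username like "*)(uid=*" rewrites the query. The block below is an added example, not Ktor's LDAP code, showing the RFC 4515 assertion-value escaping beside the vulnerable concatenation, with a constructed payload. The filter template is an assumption for the example; the same escaping is what library helpers such as python-ldap's ldap.filter.escape_filter_chars apply.

```python
# RFC 4515 requires these characters to be hex-escaped inside an assertion
# value; everything else may appear literally.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def ldap_filter_escape(value: str) -> str:
    """Escape a string for use as an LDAP filter assertion value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def vulnerable_filter(username: str) -> str:
    """Raw concatenation: the user controls filter structure. Intentionally unsafe."""
    return f"(&(objectClass=person)(uid={username}))"


def safe_filter(username: str) -> str:
    """Same template; the username can only ever be a literal value."""
    return f"(&(objectClass=person)(uid={ldap_filter_escape(username)}))"


def uid_clauses(ldap_filter: str) -> int:
    """Number of '(uid=' assertions the filter ends up containing; a quick
    structural check that injection has or has not widened the query."""
    return ldap_filter.count("(uid=")


# Constructed payload: closes the uid clause, adds a wildcard clause and
# turns the remainder into an OR that matches any person.
PAYLOAD = "*)(uid=*))(|(uid=*"

if __name__ == "__main__":
    print("vulnerable:", vulnerable_filter(PAYLOAD), "->", uid_clauses(vulnerable_filter(PAYLOAD)), "uid clauses")
    print("escaped   :", safe_filter(PAYLOAD), "->", uid_clauses(safe_filter(PAYLOAD)), "uid clause")
```

Filter escaping is only for values inside a search filter; a username interpolated into a bind DN needs the separate RFC 4514 DN escaping, and a usable username policy (reject anything outside an expected character set) is still worth enforcing in front of either.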
47. CVE-2019-12157 | CWE-20 (improper input validation) | published 2019-10-02, updated 2021-01-26 | CVSS v2 10.0
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: Complete, Integ: Complete, Avail: Complete
   In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
48. CVE-2019-12156 | CWE-209 (information exposure through an error message) | published 2019-10-02, updated 2019-10-08 | CVSS v2 5.0
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: Partial, Integ: None, Avail: None
   Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293.
49. CVE-2019-10104 | no CWE assigned | type: code execution | published 2019-07-03, updated 2020-08-24 | CVSS v2 7.5
   Gained access: None | Remote, Low complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: Partial
   In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.
50. CVE-2019-10103 | CWE-311 (missing encryption of sensitive data) | published 2019-07-03, updated 2020-08-24 | CVSS v2 6.8
   Gained access: None | Remote, Medium complexity, authentication: Not required | Conf: Partial, Integ: Partial, Avail: Partial
   JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.
Total number of vulnerabilities: 57. Entries 1 to 50 are listed on this page; the remaining 7 are on page 2 of the listing.