Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): jetbrains
  • Search Type: Search All
There are 368 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2024-35302

In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible

Published: May 16, 2024; 7:15:48 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-35301

In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token

Published: May 16, 2024; 7:15:47 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-35300

In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible

Published: May 16, 2024; 7:15:47 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-35299

In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation

Published: May 16, 2024; 7:15:47 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-31140

In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools

Published: March 28, 2024; 11:15:48 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-31139

In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector

Published: March 28, 2024; 11:15:48 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-31138

In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings

Published: March 28, 2024; 11:15:47 AM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2024-31137

In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration

Published: March 28, 2024; 11:15:47 AM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2024-31136

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter

Published: March 28, 2024; 11:15:47 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-31135

In JetBrains TeamCity before 2024.03 open redirect was possible on the login page

Published: March 28, 2024; 11:15:47 AM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2024-31134

In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled

Published: March 28, 2024; 11:15:46 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-29880

In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process

Published: March 21, 2024; 10:15:10 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-28230

In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions

Published: March 07, 2024; 7:15:47 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-28229

In JetBrains YouTrack before 2024.1.25893 a user without appropriate permissions could restore issues and articles

Published: March 07, 2024; 7:15:47 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-28228

In JetBrains YouTrack before 2024.1.25893 creation of comments on behalf of an arbitrary user in HelpDesk was possible

Published: March 07, 2024; 7:15:46 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-28174

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly

Published: March 06, 2024; 12:15:11 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-28173

In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed

Published: March 06, 2024; 12:15:11 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-27199

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

Published: March 04, 2024; 1:15:09 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-27198

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

Published: March 04, 2024; 1:15:09 PM -0500
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-24943

In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image

Published: February 06, 2024; 5:15:11 AM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)