Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): jetbrains
  • Search Type: Search All
There are 269 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-29930

SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.

Published: May 12, 2022; 5:15:14 AM -0400
V3.1: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-29929

In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible

Published: May 12, 2022; 5:15:14 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-29928

In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible

Published: May 12, 2022; 5:15:14 AM -0400
V3.1: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-29927

In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible

Published: May 12, 2022; 5:15:14 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-29821

In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible

Published: April 28, 2022; 6:15:08 AM -0400
V3.1: 7.7 HIGH
V2.0: 4.4 MEDIUM
CVE-2022-29820

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible

Published: April 28, 2022; 6:15:08 AM -0400
V3.1: 3.5 LOW
V2.0: 3.3 LOW
CVE-2022-29819

In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible

Published: April 28, 2022; 6:15:08 AM -0400
V3.1: 7.7 HIGH
V2.0: 4.4 MEDIUM
CVE-2022-29818

In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed

Published: April 28, 2022; 6:15:08 AM -0400
V3.1: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2022-29817

In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible

Published: April 28, 2022; 6:15:08 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-29816

In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible

Published: April 28, 2022; 6:15:08 AM -0400
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2022-29815

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible

Published: April 28, 2022; 6:15:08 AM -0400
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2022-29814

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible

Published: April 28, 2022; 6:15:08 AM -0400
V3.1: 7.7 HIGH
V2.0: 4.4 MEDIUM
CVE-2022-29813

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible

Published: April 28, 2022; 6:15:08 AM -0400
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2022-29812

In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient

Published: April 28, 2022; 6:15:08 AM -0400
V3.1: 2.3 LOW
V2.0: 2.1 LOW
CVE-2022-29811

In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.

Published: April 28, 2022; 6:15:07 AM -0400
V3.1: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2022-29035

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations

Published: April 11, 2022; 3:15:08 PM -0400
V3.1: 2.7 LOW
V2.0: 4.0 MEDIUM
CVE-2022-28651

In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields

Published: April 05, 2022; 2:15:08 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-28650

In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI

Published: April 05, 2022; 2:15:08 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-28649

In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description

Published: April 05, 2022; 2:15:08 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-28648

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered

Published: April 05, 2022; 2:15:07 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW