U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): jetbrains
  • Search Type: Search All
There are 364 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2024-31140

In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools

Published: March 28, 2024; 11:15:48 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-31139

In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector

Published: March 28, 2024; 11:15:48 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-31138

In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings

Published: March 28, 2024; 11:15:47 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2024-31137

In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration

Published: March 28, 2024; 11:15:47 AM -0400 		V3.1: 6.1 MEDIUM
 V2.0:(not available)
CVE-2024-31136

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter

Published: March 28, 2024; 11:15:47 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-31135

In JetBrains TeamCity before 2024.03 open redirect was possible on the login page

Published: March 28, 2024; 11:15:47 AM -0400 		V3.1: 6.1 MEDIUM
 V2.0:(not available)
CVE-2024-31134

In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled

Published: March 28, 2024; 11:15:46 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-29880

In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process

Published: March 21, 2024; 10:15:10 AM -0400 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-28230

In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions

Published: March 07, 2024; 7:15:47 AM -0500 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-28229

In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles

Published: March 07, 2024; 7:15:47 AM -0500 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-28228

In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible

Published: March 07, 2024; 7:15:46 AM -0500 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-28174

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly

Published: March 06, 2024; 12:15:11 PM -0500 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-28173

In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed

Published: March 06, 2024; 12:15:11 PM -0500 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-27199

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

Published: March 04, 2024; 1:15:09 PM -0500 		V3.x:(not available)
 V2.0:(not available)
CVE-2024-27198

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

Published: March 04, 2024; 1:15:09 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2024-24943

In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image

Published: February 06, 2024; 5:15:11 AM -0500 		V3.1: 5.5 MEDIUM
 V2.0:(not available)
CVE-2024-24942

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives

Published: February 06, 2024; 5:15:11 AM -0500 		V3.1: 5.3 MEDIUM
 V2.0:(not available)
CVE-2024-24941

In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL

Published: February 06, 2024; 5:15:11 AM -0500 		V3.1: 5.3 MEDIUM
 V2.0:(not available)
CVE-2024-24940

In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives

Published: February 06, 2024; 5:15:10 AM -0500 		V3.1: 4.3 MEDIUM
 V2.0:(not available)
CVE-2024-24939

In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible

Published: February 06, 2024; 5:15:10 AM -0500 		V3.1: 5.3 MEDIUM
 V2.0:(not available)