Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): jetbrains
  • Search Type: Search All
There are 364 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2022-24340

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.

Published: February 25, 2022; 10:15:10 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-24339

JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.

Published: February 25, 2022; 10:15:10 AM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-24338

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.

Published: February 25, 2022; 10:15:10 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-24337

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.

Published: February 25, 2022; 10:15:10 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-24336

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.

Published: February 25, 2022; 10:15:10 AM -0500
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2022-24335

JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.

Published: February 25, 2022; 10:15:10 AM -0500
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-24334

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.

Published: February 25, 2022; 10:15:10 AM -0500
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2022-24333

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.

Published: February 25, 2022; 10:15:10 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-24332

In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.

Published: February 25, 2022; 10:15:10 AM -0500
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2022-24331

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

Published: February 25, 2022; 10:15:09 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-24330

In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.

Published: February 25, 2022; 10:15:09 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2022-24329

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

Published: February 25, 2022; 10:15:09 AM -0500
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2022-24328

In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.

Published: February 25, 2022; 10:15:09 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-24327

In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.

Published: February 25, 2022; 10:15:09 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-45977

JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.

Published: February 25, 2022; 10:15:09 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-43202

In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.

Published: November 30, 2021; 11:15:07 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-43182

In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.

Published: November 09, 2021; 11:15:09 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-43181

In JetBrains Hub before 2021.1.13690, stored XSS is possible.

Published: November 09, 2021; 11:15:09 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-43180

In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.

Published: November 09, 2021; 11:15:09 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-43203

In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.

Published: November 09, 2021; 10:15:10 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM