Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): jetbrains
  • Search Type: Search All
There are 364 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2022-47896

In JetBrains IntelliJ IDEA before 2022.3.1 code templates were vulnerable to SSTI attacks.

Published: December 22, 2022; 6:15:09 AM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-47895

In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.

Published: December 22, 2022; 6:15:09 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-46831

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

Published: December 08, 2022; 1:15:10 PM -0500
V3.1: 4.9 MEDIUM
V2.0:(not available)
CVE-2022-46830

In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.

Published: December 08, 2022; 1:15:10 PM -0500
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2022-46829

In JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.

Published: December 08, 2022; 1:15:10 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-46828

In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.

Published: December 08, 2022; 1:15:10 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-46827

In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.

Published: December 08, 2022; 1:15:10 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-46826

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.

Published: December 08, 2022; 1:15:10 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-46825

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.

Published: December 08, 2022; 1:15:09 PM -0500
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2022-46824

In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.

Published: December 08, 2022; 1:15:09 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-45471

In JetBrains Hub before 2022.3.15181 throttling was missed when sending emails to a particular email address.

Published: November 18, 2022; 10:15:10 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-44646

In JetBrains TeamCity versions before 2022.10, no audit items were added upon editing a user's settings.

Published: November 03, 2022; 10:15:36 AM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2022-44624

In JetBrains TeamCity versions before 2022.10, password parameters could be exposed in the build log if they contained special characters.

Published: November 03, 2022; 10:15:35 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-44623

In JetBrains TeamCity versions before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings.

Published: November 03, 2022; 10:15:34 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-44622

In JetBrains TeamCity versions between 2021.2 and 2022.10, access permissions for secure token health items were excessive.

Published: November 03, 2022; 10:15:34 AM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2022-40979

In JetBrains TeamCity before 2022.04.4 environment variables of "password" type could be logged when using a custom Perforce executable.

Published: September 23, 2022; 7:15:09 AM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2022-40978

The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking.

Published: September 19, 2022; 12:15:12 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-38180

In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases.

Published: August 12, 2022; 6:15:28 AM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-38179

JetBrains Ktor before 2.1.0 was vulnerable to the Reflected File Download attack.

Published: August 12, 2022; 6:15:28 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-38133

In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases.

Published: August 10, 2022; 12:15:08 PM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)