Vulnerabilities > Jetbrains

DATE CVE VULNERABILITY TITLE RISK
2021-08-06 CVE-2021-36209 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
network
low complexity
jetbrains CWE-640
7.5
2021-08-06 CVE-2021-37540 Inadequate Encryption Strength vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.
network
low complexity
jetbrains CWE-326
6.4
2021-08-06 CVE-2021-37541 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
network
jetbrains CWE-640
4.3
2021-08-06 CVE-2021-37542 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.2.3, XSS was possible.
network
jetbrains CWE-79
4.3
2021-08-06 CVE-2021-37543 Unspecified vulnerability in Jetbrains Rubymine
In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects.
network
low complexity
jetbrains
6.5
2021-08-06 CVE-2021-37544 Deserialization of Untrusted Data vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
network
low complexity
jetbrains CWE-502
7.5
2021-08-06 CVE-2021-37545 Improper Authentication vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.
network
low complexity
jetbrains CWE-287
5.0
2021-08-06 CVE-2021-37546 Inadequate Encryption Strength vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.
network
low complexity
jetbrains CWE-326
5.0
2021-08-06 CVE-2021-37547 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.
network
low complexity
jetbrains
5.0
2021-08-06 CVE-2021-37548 Cleartext Storage of Sensitive Information vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.
network
low complexity
jetbrains CWE-312
5.0