Vulnerabilities > Jetbrains

DATE CVE VULNERABILITY TITLE RISK
2023-03-29 CVE-2022-48433 Insufficiently Protected Credentials vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.
network
low complexity
jetbrains CWE-522
7.5
7.5
2023-03-27 CVE-2022-48427 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible
network
low complexity
jetbrains CWE-79
5.4
5.4
2023-03-27 CVE-2022-48428 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible
network
low complexity
jetbrains CWE-79
5.4
5.4
2023-03-27 CVE-2022-48426 Cross-site Scripting vulnerability in Jetbrains Teamcity 2022.10.3
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
network
low complexity
jetbrains CWE-79
5.4
5.4
2023-03-27 CVE-2022-48429 Cross-site Scripting vulnerability in Jetbrains HUB
In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
network
low complexity
jetbrains CWE-79
5.4
5.4
2023-02-23 CVE-2022-48342 Insecure Default Initialization of Resource vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
network
low complexity
jetbrains CWE-1188
critical
 9.8
9.8
2023-02-23 CVE-2022-48343 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
network
low complexity
jetbrains CWE-79
6.1
6.1
2023-02-23 CVE-2022-48344 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
network
low complexity
jetbrains CWE-79
6.1
6.1
2022-12-22 CVE-2022-47895 Cleartext Transmission of Sensitive Information vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.
network
low complexity
jetbrains CWE-319
7.5
7.5
2022-12-22 CVE-2022-47896 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.
local
low complexity
jetbrains CWE-94
7.8
7.8