Vulnerabilities > Jetbrains

DATE CVE VULNERABILITY TITLE RISK
2023-03-29 CVE-2022-48430 Unspecified vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.
network
low complexity
jetbrains
7.5
2023-03-29 CVE-2022-48431 Insufficient Verification of Data Authenticity vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.
local
low complexity
jetbrains CWE-345
7.8
2023-03-29 CVE-2022-48432 Insecure Default Initialization of Resource vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.
local
low complexity
jetbrains CWE-1188
8.8
2023-03-29 CVE-2022-48433 Insufficiently Protected Credentials vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.
network
low complexity
jetbrains CWE-522
7.5
2023-03-27 CVE-2022-48427 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible
network
low complexity
jetbrains CWE-79
5.4
2023-03-27 CVE-2022-48428 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible
network
low complexity
jetbrains CWE-79
5.4
2023-03-27 CVE-2022-48426 Cross-site Scripting vulnerability in Jetbrains Teamcity 2022.10.3
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
network
low complexity
jetbrains CWE-79
5.4
2023-03-27 CVE-2022-48429 Cross-site Scripting vulnerability in Jetbrains HUB
In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
network
low complexity
jetbrains CWE-79
5.4
2023-02-23 CVE-2022-48342 Insecure Default Initialization of Resource vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
network
low complexity
jetbrains CWE-1188
critical
9.8
2023-02-23 CVE-2022-48343 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
network
low complexity
jetbrains CWE-79
6.1