Vulnerabilities > Jetbrains

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-04-28 | CVE-2022-29820 | Exposure of Resource to Wrong Sphere vulnerability in JetBrains PyCharm | In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible | | low complexity | jetbrains | CWE-668 | 3.5 |
| 2022-04-28 | CVE-2022-29821 | Code Injection vulnerability in JetBrains PyCharm | In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible | local | low complexity | jetbrains | CWE-94 | 7.7 |
| 2022-04-11 | CVE-2022-29035 | Use of Insufficiently Random Values vulnerability in JetBrains Ktor | In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations | network | low complexity | jetbrains | CWE-330 | 2.7 |
| 2022-04-05 | CVE-2022-28648 | Cross-site Scripting vulnerability in JetBrains YouTrack | In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered | network | low complexity | jetbrains | CWE-79 | 5.4 |
| 2022-04-05 | CVE-2022-28649 | Improper Restriction of Rendered UI Layers or Frames vulnerability in JetBrains YouTrack | In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description | network | low complexity | jetbrains | CWE-1021 | 5.4 |
| 2022-04-05 | CVE-2022-28650 | Cross-site Scripting vulnerability in JetBrains YouTrack | In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI | network | low complexity | jetbrains | CWE-79 | 5.4 |
| 2022-04-05 | CVE-2022-28651 | Insufficiently Protected Credentials vulnerability in JetBrains IntelliJ IDEA | In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields | local | low complexity | jetbrains | CWE-522 | 5.5 |
| 2022-02-25 | CVE-2022-24442 | Code Injection vulnerability in JetBrains YouTrack | JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. | network | low complexity | jetbrains | CWE-94 | critical 9.8 |
| 2022-02-25 | CVE-2022-25259 | Cross-site Scripting vulnerability in JetBrains Hub | JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. | network | low complexity | jetbrains | CWE-79 | 6.1 |
| 2022-02-25 | CVE-2022-25260 | Server-Side Request Forgery (SSRF) vulnerability in JetBrains Hub | JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). | network | low complexity | jetbrains | CWE-918 | critical 9.1 |