Vulnerabilities > Jetbrains

DATE CVE VULNERABILITY TITLE RISK
2022-02-25 CVE-2022-25261 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
network
low complexity
jetbrains CWE-79
6.1
2022-02-25 CVE-2022-25262 Insufficient Verification of Data Authenticity vulnerability in Jetbrains HUB
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
network
low complexity
jetbrains CWE-345
critical
9.8
2022-02-25 CVE-2022-25263 OS Command Injection vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
network
low complexity
jetbrains CWE-78
critical
9.8
2022-02-25 CVE-2022-25264 Insecure Storage of Sensitive Information vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
network
low complexity
jetbrains CWE-922
7.5
2022-02-25 CVE-2021-45977 Unspecified vulnerability in Jetbrains products
JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address.
network
low complexity
jetbrains
critical
9.8
2022-02-25 CVE-2022-24327 Incorrect Permission Assignment for Critical Resource vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.
network
low complexity
jetbrains CWE-732
7.5
2022-02-25 CVE-2022-24328 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.
network
low complexity
jetbrains
6.5
2022-02-25 CVE-2022-24329 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
network
low complexity
jetbrains oracle CWE-829
5.3
2022-02-25 CVE-2022-24330 Open Redirect vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
network
low complexity
jetbrains CWE-601
6.1
2022-02-25 CVE-2022-24331 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
network
low complexity
jetbrains
critical
9.8