Vulnerabilities > Jetbrains
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-25 | CVE-2022-25261 | Cross-site Scripting vulnerability in Jetbrains Teamcity JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. | 6.1 |
2022-02-25 | CVE-2022-25262 | Insufficient Verification of Data Authenticity vulnerability in Jetbrains HUB In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. | 9.8 |
2022-02-25 | CVE-2022-25263 | OS Command Injection vulnerability in Jetbrains Teamcity JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. | 9.8 |
2022-02-25 | CVE-2022-25264 | Insecure Storage of Sensitive Information vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. | 7.5 |
2022-02-25 | CVE-2021-45977 | Unspecified vulnerability in Jetbrains products JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. | 9.8 |
2022-02-25 | CVE-2022-24327 | Incorrect Permission Assignment for Critical Resource vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. | 7.5 |
2022-02-25 | CVE-2022-24328 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. | 6.5 |
2022-02-25 | CVE-2022-24329 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. | 5.3 |
2022-02-25 | CVE-2022-24330 | Open Redirect vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. | 6.1 |
2022-02-25 | CVE-2022-24331 | Unspecified vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. | 9.8 |