Vulnerabilities > Jetbrains

DATE CVE VULNERABILITY TITLE RISK
2024-10-17 CVE-2024-49579 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests
network
low complexity
jetbrains
6.1
2024-10-17 CVE-2024-49580 Unspecified vulnerability in Jetbrains Ktor
In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure
network
low complexity
jetbrains
5.3
2024-10-10 CVE-2024-48902 Missing Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API
network
low complexity
jetbrains CWE-862
5.4
2024-10-08 CVE-2024-47161 Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API
network
low complexity
jetbrains CWE-522
6.5
2024-10-08 CVE-2024-47948 Path Traversal vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
network
low complexity
jetbrains CWE-22
7.5
2024-10-08 CVE-2024-47949 Path Traversal vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
network
low complexity
jetbrains CWE-22
7.5
2024-10-08 CVE-2024-47950 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
network
low complexity
jetbrains CWE-79
5.4
2024-10-08 CVE-2024-47951 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
network
low complexity
jetbrains CWE-79
5.4
2024-09-19 CVE-2024-47159 Incorrect Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project
network
low complexity
jetbrains CWE-863
4.3
2024-09-19 CVE-2024-47160 Incorrect Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
network
low complexity
jetbrains CWE-863
5.3