Vulnerabilities > Jetbrains
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-25 | CVE-2022-25259 | Cross-site Scripting vulnerability in Jetbrains HUB JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. | 6.1 |
| 2022-02-25 | CVE-2022-25260 | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains HUB JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). | 9.1 |
| 2022-02-25 | CVE-2022-25261 | Cross-site Scripting vulnerability in Jetbrains Teamcity JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. | 6.1 |
| 2022-02-25 | CVE-2022-25262 | Insufficient Verification of Data Authenticity vulnerability in Jetbrains HUB In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. | 9.8 |
| 2022-02-25 | CVE-2022-25263 | OS Command Injection vulnerability in Jetbrains Teamcity JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. | 9.8 |
| 2022-02-25 | CVE-2022-25264 | Insecure Storage of Sensitive Information vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. | 7.5 |
| 2022-02-25 | CVE-2021-45977 | Unspecified vulnerability in Jetbrains products JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. | 9.8 |
| 2022-02-25 | CVE-2022-24327 | Incorrect Permission Assignment for Critical Resource vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. | 7.5 |
| 2022-02-25 | CVE-2022-24328 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. | 6.5 |
| 2022-02-25 | CVE-2022-24329 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. | 5.3 |