Vulnerabilities > Jetbrains

DATE CVE VULNERABILITY TITLE RISK
2020-04-22 CVE-2020-11688 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
network
low complexity
jetbrains CWE-613
7.5
2020-04-22 CVE-2020-11687 Information Exposure vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
network
low complexity
jetbrains CWE-200
7.5
2020-04-22 CVE-2020-11686 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
network
low complexity
jetbrains
2.7
2020-04-22 CVE-2020-11685 Cleartext Transmission of Sensitive Information vulnerability in Jetbrains Goland
In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS.
network
low complexity
jetbrains CWE-319
7.5
2020-04-22 CVE-2020-11416 Cross-site Scripting vulnerability in Jetbrains Space
JetBrains Space through 2020-04-22 allows stored XSS in Chats.
network
low complexity
jetbrains CWE-79
5.4
2020-04-10 CVE-2020-11694 Insufficiently Protected Credentials vulnerability in Jetbrains Pycharm 2019.2.5/2019.3
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included.
network
low complexity
jetbrains CWE-522
7.5
2020-02-21 CVE-2020-7907 Cleartext Transmission of Sensitive Information vulnerability in Jetbrains Scala
In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections.
network
low complexity
jetbrains CWE-319
7.5
2020-01-31 CVE-2020-7914 Unspecified vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network.
network
low complexity
jetbrains
7.5
2020-01-30 CVE-2020-7913 Cross-site Scripting vulnerability in Jetbrains Youtrack
JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.
network
low complexity
jetbrains CWE-79
6.1
2020-01-30 CVE-2020-7912 Exposure of Resource to Wrong Sphere vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.
network
low complexity
jetbrains CWE-668
5.3