Vulnerabilities > Jetbrains

DATE CVE VULNERABILITY TITLE RISK
2024-06-18 CVE-2024-38507 Cross-site Scripting vulnerability in Jetbrains HUB
In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
network
low complexity
jetbrains CWE-79
5.4
2024-06-10 CVE-2024-37051 Insufficiently Protected Credentials vulnerability in Jetbrains products
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
network
low complexity
jetbrains CWE-522
7.5
2024-05-29 CVE-2024-36362 Path Traversal vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible
network
low complexity
jetbrains CWE-22
6.5
2024-05-29 CVE-2024-36363 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible
network
low complexity
jetbrains CWE-79
5.4
2024-05-29 CVE-2024-36364 Incorrect Authorization vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible
network
low complexity
jetbrains CWE-863
6.5
2024-05-29 CVE-2024-36365 Incorrect Authorization vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent
network
low complexity
jetbrains CWE-863
8.1
2024-05-29 CVE-2024-36366 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations
network
low complexity
jetbrains CWE-79
6.1
2024-05-29 CVE-2024-36367 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible
network
low complexity
jetbrains CWE-79
6.1
2024-05-29 CVE-2024-36368 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible
network
low complexity
jetbrains CWE-79
5.4
2024-05-29 CVE-2024-36369 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible
network
low complexity
jetbrains CWE-79
5.4