Vulnerabilities > Jetbrains > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-07-22 CVE-2024-41827 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration
network
low complexity
jetbrains CWE-613
critical
 9.8
9.8
2024-03-04 CVE-2024-27198 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
network
low complexity
jetbrains
critical
 9.8
9.8
2024-02-06 CVE-2024-23917 Missing Authentication for Critical Function vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
network
low complexity
jetbrains CWE-306
critical
 9.8
9.8
2023-12-21 CVE-2023-51655 Insufficient Verification of Data Authenticity vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration
network
low complexity
jetbrains CWE-345
critical
 9.8
9.8
2023-10-09 CVE-2023-45612 XXE vulnerability in Jetbrains Ktor
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
network
low complexity
jetbrains CWE-611
critical
 9.8
9.8
2023-10-09 CVE-2023-45613 Improper Certificate Validation vulnerability in Jetbrains Ktor
In JetBrains Ktor before 2.3.5 server certificates were not verified
network
low complexity
jetbrains CWE-295
critical
 9.1
9.1
2023-09-19 CVE-2023-42793 Authentication Bypass Using an Alternate Path or Channel vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
network
low complexity
jetbrains CWE-288
critical
 9.8
9.8
2023-05-31 CVE-2023-34218 Incorrect Authorization vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
network
low complexity
jetbrains CWE-863
critical
 9.8
9.8
2023-04-24 CVE-2022-48477 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains HUB
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
network
low complexity
jetbrains CWE-918
critical
 9.8
9.8
2023-02-23 CVE-2022-48342 Insecure Default Initialization of Resource vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
network
low complexity
jetbrains CWE-1188
critical
 9.8
9.8