Vulnerabilities > Jetbrains > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-25 | CVE-2022-24442 | Code Injection vulnerability in Jetbrains Youtrack JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. | 9.8 |
| 2022-02-25 | CVE-2022-25260 | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains HUB JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). | 9.1 |
| 2022-02-25 | CVE-2022-25262 | Insufficient Verification of Data Authenticity vulnerability in Jetbrains HUB In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. | 9.8 |
| 2022-02-25 | CVE-2022-25263 | OS Command Injection vulnerability in Jetbrains Teamcity JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. | 9.8 |
| 2022-02-25 | CVE-2021-45977 | Unspecified vulnerability in Jetbrains products JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. | 9.8 |
| 2022-02-25 | CVE-2022-24331 | Unspecified vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. | 9.8 |
| 2022-02-25 | CVE-2022-24340 | XXE vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. | 9.8 |
| 2021-11-30 | CVE-2021-43202 | Unspecified vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases. | 9.8 |
| 2021-11-09 | CVE-2021-43183 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. | 9.8 |
| 2021-11-09 | CVE-2021-43185 | Injection vulnerability in Jetbrains Youtrack JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. | 9.8 |