Vulnerabilities > Jetbrains > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-05-11 CVE-2021-31909 Argument Injection or Modification vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
network
low complexity
jetbrains CWE-88
critical
 9.8
9.8
2021-02-03 CVE-2021-25770 Code Injection vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
network
low complexity
jetbrains CWE-94
critical
 9.8
9.8
2020-11-16 CVE-2020-25207 Unspecified vulnerability in Jetbrains Toolbox
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
network
low complexity
jetbrains
critical
 9.8
9.8
2020-04-22 CVE-2020-11796 Improper Authentication vulnerability in Jetbrains Space
In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.
network
low complexity
jetbrains CWE-287
critical
 9.8
9.8
2020-04-22 CVE-2020-11690 Unspecified vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.
network
low complexity
jetbrains
critical
 9.8
9.8
2019-10-31 CVE-2019-18364 Deserialization of Untrusted Data vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
network
low complexity
jetbrains CWE-502
critical
 9.8
9.8
2019-10-02 CVE-2019-12736 Command Injection vulnerability in Jetbrains Ktor
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.
network
low complexity
jetbrains CWE-77
critical
 9.8
9.8
2019-10-02 CVE-2019-12157 Improper Input Validation vulnerability in Jetbrains Teamcity
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
network
low complexity
jetbrains CWE-20
critical
 9.8
9.8
2019-10-01 CVE-2019-15039 Path Traversal vulnerability in Jetbrains Teamcity 2018.2.4
An issue was discovered in JetBrains TeamCity 2018.2.4.
network
low complexity
jetbrains CWE-22
critical
 9.8
9.8
2019-07-03 CVE-2019-12852 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack
An SSRF attack was possible on a JetBrains YouTrack server.
network
low complexity
jetbrains CWE-918
critical
 9.8
9.8