Vulnerabilities > Jetbrains > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-03 | CVE-2019-12852 | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack An SSRF attack was possible on a JetBrains YouTrack server. | 7.5 |
2019-07-03 | CVE-2019-10103 | Missing Encryption of Sensitive Data vulnerability in Jetbrains Kotlin JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. | 8.1 |
2019-07-03 | CVE-2019-10102 | Cleartext Transmission of Sensitive Information vulnerability in Jetbrains Kotlin and Ktor JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. | 8.1 |
2019-07-03 | CVE-2019-10101 | Cleartext Transmission of Sensitive Information vulnerability in Jetbrains Kotlin JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. | 8.1 |
2019-07-03 | CVE-2019-9186 | Improper Input Validation vulnerability in Jetbrains Intellij Idea In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). | 7.5 |
2019-07-03 | CVE-2019-12867 | Unspecified vulnerability in Jetbrains Youtrack Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. | 7.5 |
2019-07-03 | CVE-2019-12866 | Authorization Bypass Through User-Controlled Key vulnerability in Jetbrains Youtrack An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. | 7.5 |
2019-07-03 | CVE-2019-12850 | SQL Injection vulnerability in Jetbrains Youtrack A query injection was possible in JetBrains YouTrack. | 7.5 |
2019-07-03 | CVE-2019-10104 | Unspecified vulnerability in Jetbrains Intellij Idea In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. | 7.5 |
2019-07-03 | CVE-2019-10100 | Code Injection vulnerability in Jetbrains Youtrack Integration In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. | 7.5 |