Vulnerabilities > Jetbrains > High

DATE CVE VULNERABILITY TITLE RISK
2020-11-16 CVE-2020-25209 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.
network
low complexity
jetbrains
7.5
2020-11-16 CVE-2020-25013 Unspecified vulnerability in Jetbrains Toolbox
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
network
low complexity
jetbrains
7.5
2020-10-19 CVE-2020-15822 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.
network
low complexity
jetbrains CWE-918
7.3
2020-08-08 CVE-2020-15827 Improper Verification of Cryptographic Signature vulnerability in Jetbrains Toolbox 1.17/1.17.6802
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.
network
low complexity
jetbrains CWE-347
7.5
2020-08-08 CVE-2020-15825 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
network
low complexity
jetbrains
8.8
2020-08-08 CVE-2020-15824 Improper Privilege Management vulnerability in multiple products
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue.
network
low complexity
jetbrains oracle CWE-269
8.8
2020-08-08 CVE-2020-15823 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
network
low complexity
jetbrains CWE-918
7.5
2020-08-08 CVE-2020-15817 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.
network
low complexity
jetbrains
8.8
2020-08-08 CVE-2019-19704 Unspecified vulnerability in Jetbrains Upsource
In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm.
network
low complexity
jetbrains
7.5
2020-04-22 CVE-2020-11795 Insufficient Session Expiration vulnerability in Jetbrains Space
In JetBrains Space through 2020-04-22, the session timeout period was configured improperly.
network
low complexity
jetbrains CWE-613
7.5