Vulnerabilities > Jetbrains > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-08 | CVE-2020-15824 | Improper Privilege Management vulnerability in multiple products In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. | 8.8 |
| 2020-08-08 | CVE-2020-15823 | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. | 7.5 |
| 2020-08-08 | CVE-2020-15817 | Unspecified vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. | 8.8 |
| 2020-08-08 | CVE-2019-19704 | Unspecified vulnerability in Jetbrains Upsource In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm. | 7.5 |
| 2020-04-22 | CVE-2020-11795 | Insufficient Session Expiration vulnerability in Jetbrains Space In JetBrains Space through 2020-04-22, the session timeout period was configured improperly. | 7.5 |
| 2020-04-22 | CVE-2020-11693 | Unspecified vulnerability in Jetbrains Youtrack JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. | 7.5 |
| 2020-04-22 | CVE-2020-11691 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. | 7.5 |
| 2020-04-22 | CVE-2020-11688 | Insufficient Session Expiration vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. | 7.5 |
| 2020-04-22 | CVE-2020-11687 | Information Exposure vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages. | 7.5 |
| 2020-04-22 | CVE-2020-11685 | Cleartext Transmission of Sensitive Information vulnerability in Jetbrains Goland In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. | 7.5 |