Vulnerabilities > Jetbrains > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-25 CVE-2022-24328 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.
network
low complexity
jetbrains
6.5
2022-02-25 CVE-2022-24329 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
network
low complexity
jetbrains oracle CWE-829
5.3
2022-02-25 CVE-2022-24330 Open Redirect vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
network
low complexity
jetbrains CWE-601
6.1
2022-02-25 CVE-2022-24332 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
network
low complexity
jetbrains CWE-613
5.3
2022-02-25 CVE-2022-24333 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
network
low complexity
jetbrains CWE-918
6.5
2022-02-25 CVE-2022-24334 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
network
low complexity
jetbrains
5.3
2022-02-25 CVE-2022-24336 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
network
low complexity
jetbrains
5.3
2022-02-25 CVE-2022-24337 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
network
low complexity
jetbrains CWE-276
6.5
2022-02-25 CVE-2022-24338 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
network
low complexity
jetbrains CWE-79
6.1
2022-02-25 CVE-2022-24339 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
network
low complexity
jetbrains CWE-79
5.4