Vulnerabilities > Jetbrains > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-25 CVE-2022-24337 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
network
low complexity
jetbrains CWE-276
4.0
2022-02-25 CVE-2022-24338 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
network
jetbrains CWE-79
4.3
2022-02-25 CVE-2022-24341 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
network
low complexity
jetbrains CWE-613
5.0
2022-02-25 CVE-2022-24342 Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
network
jetbrains CWE-352
6.8
2022-02-25 CVE-2022-24343 Incorrect Default Permissions vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.
network
low complexity
jetbrains CWE-276
4.0
2022-02-25 CVE-2022-24345 Unspecified vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible.
local
low complexity
jetbrains
4.6
2022-02-25 CVE-2022-24346 Unspecified vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible.
local
low complexity
jetbrains
4.6
2021-11-09 CVE-2021-43180 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.
network
low complexity
jetbrains
5.0
2021-11-09 CVE-2021-43181 Cross-site Scripting vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13690, stored XSS is possible.
network
jetbrains CWE-79
4.3
2021-11-09 CVE-2021-43182 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.
network
low complexity
jetbrains
5.0