Vulnerabilities > Jetbrains > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-11-09 CVE-2021-43197 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
network
low complexity
jetbrains CWE-79
6.1
6.1
2021-11-09 CVE-2021-43198 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
network
low complexity
jetbrains CWE-79
5.4
5.4
2021-11-09 CVE-2021-43199 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
network
low complexity
jetbrains CWE-276
5.3
5.3
2021-11-09 CVE-2021-43201 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.
network
low complexity
jetbrains
5.3
5.3
2021-08-06 CVE-2021-37540 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.
network
low complexity
jetbrains
6.5
6.5
2021-08-06 CVE-2021-37541 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains HUB
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
network
low complexity
jetbrains CWE-640
6.1
6.1
2021-08-06 CVE-2021-37542 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.2.3, XSS was possible.
network
low complexity
jetbrains CWE-79
6.1
6.1
2021-08-06 CVE-2021-37546 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.
network
low complexity
jetbrains CWE-327
5.3
5.3
2021-08-06 CVE-2021-37547 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.
network
low complexity
jetbrains
5.3
5.3
2021-08-06 CVE-2021-37551 Use of Password Hash With Insufficient Computational Effort vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
network
low complexity
jetbrains CWE-916
5.3
5.3