Vulnerabilities > Jetbrains > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-03 CVE-2021-25763 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
network
low complexity
jetbrains CWE-327
5.3
2021-02-03 CVE-2021-25762 HTTP Request Smuggling vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
network
low complexity
jetbrains CWE-444
5.3
2021-02-03 CVE-2021-25761 Inadequate Encryption Strength vulnerability in Jetbrains Ktor
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
network
low complexity
jetbrains CWE-326
5.3
2021-02-03 CVE-2021-25760 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.
network
low complexity
jetbrains
5.3
2021-02-03 CVE-2021-25759 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.
network
low complexity
jetbrains
6.5
2021-02-03 CVE-2021-25757 Open Redirect vulnerability in Jetbrains HUB
In JetBrains Hub before 2020.1.12629, an open redirect was possible.
network
low complexity
jetbrains CWE-601
6.1
2021-02-03 CVE-2021-25756 Unspecified vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS.
network
low complexity
jetbrains
5.3
2021-02-03 CVE-2020-29582 Incorrect Default Permissions vulnerability in multiple products
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation.
network
low complexity
jetbrains oracle CWE-276
5.3
2021-02-03 CVE-2020-25208 Incorrect Default Permissions vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.
network
low complexity
jetbrains CWE-276
5.3
2020-11-16 CVE-2020-27627 Injection vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
network
low complexity
jetbrains CWE-74
6.1