Vulnerabilities > Jetbrains > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-17 CVE-2024-49580 Unspecified vulnerability in Jetbrains Ktor
In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure
network
low complexity
jetbrains
5.3
2024-10-10 CVE-2024-48902 Missing Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API
network
low complexity
jetbrains CWE-862
5.4
2024-10-08 CVE-2024-47161 Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API
network
low complexity
jetbrains CWE-522
6.5
2024-10-08 CVE-2024-47950 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
network
low complexity
jetbrains CWE-79
5.4
2024-10-08 CVE-2024-47951 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
network
low complexity
jetbrains CWE-79
5.4
2024-09-19 CVE-2024-47159 Incorrect Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project
network
low complexity
jetbrains CWE-863
4.3
2024-09-19 CVE-2024-47160 Incorrect Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
network
low complexity
jetbrains CWE-863
5.3
2024-09-19 CVE-2024-47162 Insufficiently Protected Credentials vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
network
low complexity
jetbrains CWE-522
5.3
2024-09-16 CVE-2024-46970 Cross-site Scripting vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible
network
low complexity
jetbrains CWE-79
6.1
2024-08-16 CVE-2024-43807 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
network
low complexity
jetbrains CWE-79
5.4