Vulnerabilities > Jetbrains > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-08-27 CVE-2020-24618 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.
network
low complexity
jetbrains
4.0
2020-08-08 CVE-2020-15831 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
network
jetbrains CWE-79
4.3
2020-08-08 CVE-2020-15830 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.
network
jetbrains CWE-79
4.3
2020-08-08 CVE-2020-15829 Information Exposure vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.
network
low complexity
jetbrains CWE-200
5.0
2020-08-08 CVE-2020-15828 Information Exposure vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.
network
low complexity
jetbrains CWE-200
4.0
2020-08-08 CVE-2020-15827 Improper Verification of Cryptographic Signature vulnerability in Jetbrains Toolbox 1.17/1.17.6802
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.
network
low complexity
jetbrains CWE-347
5.0
2020-08-08 CVE-2020-15826 Incorrect Authorization vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.
network
low complexity
jetbrains CWE-863
4.0
2020-08-08 CVE-2020-15825 Improper Privilege Management vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
network
low complexity
jetbrains CWE-269
6.5
2020-08-08 CVE-2020-15823 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
network
low complexity
jetbrains CWE-918
5.0
2020-08-08 CVE-2020-15821 Incorrect Default Permissions vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
network
low complexity
jetbrains CWE-276
4.0