Vulnerabilities > Jetbrains > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-30 | CVE-2020-7912 | Exposure of Resource to Wrong Sphere vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. | 5.0 |
| 2020-01-30 | CVE-2020-7911 | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS. | 4.3 |
| 2020-01-30 | CVE-2020-7909 | Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. | 5.0 |
| 2020-01-30 | CVE-2020-7908 | Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages. | 4.3 |
| 2020-01-30 | CVE-2020-7906 | Improper Verification of Cryptographic Signature vulnerability in Jetbrains Rider 2019.3.0 In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. | 5.0 |
| 2020-01-30 | CVE-2020-7905 | Information Exposure vulnerability in Jetbrains Intellij Idea Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network. | 5.0 |
| 2020-01-30 | CVE-2020-7904 | Improper Certificate Validation vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS. | 5.8 |
| 2020-01-27 | CVE-2020-5207 | HTTP Request Smuggling vulnerability in Jetbrains Ktor In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator. | 5.0 |
| 2020-01-15 | CVE-2019-18412 | XXE vulnerability in Jetbrains Idetalk JetBrains IDETalk plugin before version 193.4099.10 allows XXE | 5.0 |
| 2019-12-10 | CVE-2019-19703 | Open Redirect vulnerability in Jetbrains Ktor In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. | 5.8 |