Vulnerabilities > Jetbrains > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-10-02 CVE-2019-14959 Cleartext Transmission of Sensitive Information vulnerability in Jetbrains Toolbox
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.
network
high complexity
jetbrains CWE-319
5.9
2019-10-02 CVE-2019-14956 Improper Preservation of Permissions vulnerability in Jetbrains Youtrack
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.
network
low complexity
jetbrains CWE-281
4.3
2019-10-02 CVE-2019-12737 Use of Password Hash With Insufficient Computational Effort vulnerability in Jetbrains Ktor
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
network
low complexity
jetbrains CWE-916
5.3
2019-10-02 CVE-2019-12156 Information Exposure Through an Error Message vulnerability in Jetbrains Upsource
Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293.
network
low complexity
jetbrains CWE-209
5.3
2019-10-01 CVE-2019-15041 Open Redirect vulnerability in Jetbrains Youtrack
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.
network
low complexity
jetbrains CWE-601
6.1
2019-10-01 CVE-2019-15035 Unspecified vulnerability in Jetbrains Teamcity 2018.2.4
An issue was discovered in JetBrains TeamCity 2018.2.4.
network
low complexity
jetbrains
4.9
2019-10-01 CVE-2019-14961 Cross-site Scripting vulnerability in Jetbrains Upsource
JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in code block comments, leading to XSS.
network
low complexity
jetbrains CWE-79
6.1
2019-10-01 CVE-2019-14957 Insecure Storage of Sensitive Information vulnerability in Jetbrains VIM
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file.
network
low complexity
jetbrains CWE-922
5.3
2019-10-01 CVE-2019-14955 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains HUB
In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.
network
low complexity
jetbrains CWE-640
5.3
2019-10-01 CVE-2019-14953 Cross-site Scripting vulnerability in Jetbrains Youtrack
JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser.
network
low complexity
jetbrains CWE-79
6.1