Vulnerabilities > Jetbrains > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-10-31 CVE-2019-18366 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
network
low complexity
jetbrains CWE-276
5.3
2019-10-31 CVE-2019-18365 Improper Privilege Management vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
network
low complexity
jetbrains CWE-269
4.3
2019-10-31 CVE-2019-18363 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
network
low complexity
jetbrains
5.3
2019-10-31 CVE-2019-18362 Unspecified vulnerability in Jetbrains MPS
JetBrains MPS before 2019.2.2 exposed listening ports to the network.
network
low complexity
jetbrains
5.3
2019-10-31 CVE-2019-18361 Unspecified vulnerability in Jetbrains Intellij Idea
JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution.
local
low complexity
jetbrains
5.3
2019-10-31 CVE-2019-18360 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
network
low complexity
jetbrains
5.3
2019-10-02 CVE-2019-16171 Cross-site Scripting vulnerability in Jetbrains Youtrack
In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.
network
low complexity
jetbrains CWE-79
6.1
2019-10-02 CVE-2019-15037 Cross-site Scripting vulnerability in Jetbrains Teamcity 2018.2.4
An issue was discovered in JetBrains TeamCity 2018.2.4.
network
low complexity
jetbrains CWE-79
6.1
2019-10-02 CVE-2019-14959 Cleartext Transmission of Sensitive Information vulnerability in Jetbrains Toolbox
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.
network
high complexity
jetbrains CWE-319
5.9
2019-10-02 CVE-2019-14956 Improper Preservation of Permissions vulnerability in Jetbrains Youtrack
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.
network
low complexity
jetbrains CWE-281
4.3