Vulnerabilities > Jetbrains > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-22 CVE-2020-11689 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
network
low complexity
jetbrains CWE-276
4.0
2020-04-22 CVE-2020-11688 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
network
low complexity
jetbrains CWE-613
5.0
2020-04-22 CVE-2020-11687 Information Exposure vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
network
low complexity
jetbrains CWE-200
5.0
2020-04-22 CVE-2020-11686 Information Exposure vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
network
low complexity
jetbrains CWE-200
4.0
2020-04-22 CVE-2020-11685 Missing Encryption of Sensitive Data vulnerability in Jetbrains Goland
In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS.
network
low complexity
jetbrains CWE-311
5.0
2020-04-10 CVE-2020-11694 Insufficiently Protected Credentials vulnerability in Jetbrains Pycharm 2019.2.5/2019.3
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included.
network
low complexity
jetbrains CWE-522
5.0
2020-02-21 CVE-2020-7907 Information Exposure vulnerability in Jetbrains Scala
In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections.
network
low complexity
jetbrains CWE-200
5.0
2020-01-31 CVE-2020-7914 Information Exposure vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network.
network
low complexity
jetbrains CWE-200
5.0
2020-01-30 CVE-2020-7913 Cross-site Scripting vulnerability in Jetbrains Youtrack
JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.
network
jetbrains CWE-79
4.3
2020-01-30 CVE-2020-7912 Exposure of Resource to Wrong Sphere vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.
network
low complexity
jetbrains CWE-668
5.0