Vulnerabilities > Jetbrains > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-22 | CVE-2020-11689 | Incorrect Default Permissions vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file. | 4.0 |
| 2020-04-22 | CVE-2020-11688 | Insufficient Session Expiration vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. | 5.0 |
| 2020-04-22 | CVE-2020-11687 | Information Exposure vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages. | 5.0 |
| 2020-04-22 | CVE-2020-11686 | Information Exposure vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings. | 4.0 |
| 2020-04-22 | CVE-2020-11685 | Missing Encryption of Sensitive Data vulnerability in Jetbrains Goland In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. | 5.0 |
| 2020-04-10 | CVE-2020-11694 | Insufficiently Protected Credentials vulnerability in Jetbrains Pycharm 2019.2.5/2019.3 In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. | 5.0 |
| 2020-02-21 | CVE-2020-7907 | Information Exposure vulnerability in Jetbrains Scala In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections. | 5.0 |
| 2020-01-31 | CVE-2020-7914 | Information Exposure vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. | 5.0 |
| 2020-01-30 | CVE-2020-7913 | Cross-site Scripting vulnerability in Jetbrains Youtrack JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description. | 4.3 |
| 2020-01-30 | CVE-2020-7912 | Exposure of Resource to Wrong Sphere vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. | 5.0 |