Vulnerabilities > Jetbrains > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-03 | CVE-2019-12842 | Cross-site Scripting vulnerability in Jetbrains Teamcity A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. | 4.3 |
| 2019-07-03 | CVE-2019-12841 | Improper Input Validation vulnerability in Jetbrains Teamcity Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. | 5.0 |
| 2019-07-03 | CVE-2019-9873 | Cleartext Storage of Sensitive Information vulnerability in Jetbrains Intellij Idea In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. | 5.0 |
| 2019-07-03 | CVE-2019-9872 | Cleartext Storage of Sensitive Information vulnerability in Jetbrains Intellij Idea In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. | 4.3 |
| 2019-07-03 | CVE-2019-9823 | Cleartext Storage of Sensitive Information vulnerability in Jetbrains Intellij Idea In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. | 5.0 |
| 2019-07-03 | CVE-2019-12851 | Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Youtrack A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. | 6.8 |
| 2019-07-03 | CVE-2019-12847 | Insufficiently Protected Credentials vulnerability in Jetbrains HUB In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. | 4.0 |
| 2018-08-13 | CVE-2018-14878 | Deserialization of Untrusted Data vulnerability in Jetbrains Dotpeek and Resharper Ultimate JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data. | 6.8 |
| 2015-01-13 | CVE-2014-10036 | Cross-site Scripting vulnerability in Jetbrains Teamcity Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html. | 4.3 |
| 2015-01-13 | CVE-2014-10002 | Information Disclosure vulnerability in TeamCity Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. | 5.0 |