Vulnerabilities > Jetbrains > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-08 CVE-2022-46827 XXE vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.
local
low complexity
jetbrains CWE-611
5.5
2022-12-08 CVE-2022-46830 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Teamcity 2022.10
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
network
low complexity
jetbrains CWE-918
5.3
2022-12-08 CVE-2022-46831 Insecure Default Initialization of Resource vulnerability in Jetbrains Teamcity 2022.10
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
network
low complexity
jetbrains CWE-1188
4.9
2022-11-03 CVE-2022-44622 Unspecified vulnerability in Jetbrains Teamcity 2021.2/2022.04/2022.04.2
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
network
low complexity
jetbrains
5.3
2022-11-03 CVE-2022-44646 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings
network
low complexity
jetbrains
5.3
2022-07-01 CVE-2022-34894 Unspecified vulnerability in Jetbrains HUB
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
network
low complexity
jetbrains
5.0
2022-05-12 CVE-2022-29927 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible
network
jetbrains CWE-79
4.3
2022-05-12 CVE-2022-29928 Information Exposure Through Log Files vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible
network
low complexity
jetbrains CWE-532
4.0
2022-05-12 CVE-2022-29929 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible
network
jetbrains CWE-79
4.3
2022-05-12 CVE-2022-29930 Use of Insufficiently Random Values vulnerability in Jetbrains Ktor 2.0.0
SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value.
network
low complexity
jetbrains CWE-330
4.9