Vulnerabilities > Jetbrains > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-08 | CVE-2022-46827 | XXE vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. | 5.5 |
| 2022-12-08 | CVE-2022-46830 | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Teamcity 2022.10 In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. | 5.3 |
| 2022-12-08 | CVE-2022-46831 | Insecure Default Initialization of Resource vulnerability in Jetbrains Teamcity 2022.10 In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators. | 4.9 |
| 2022-11-03 | CVE-2022-44622 | Unspecified vulnerability in Jetbrains Teamcity 2021.2/2022.04/2022.04.2 In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive | 5.3 |
| 2022-11-03 | CVE-2022-44646 | Unspecified vulnerability in Jetbrains Teamcity In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings | 5.3 |
| 2022-07-01 | CVE-2022-34894 | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services | 5.0 |
| 2022-05-12 | CVE-2022-29927 | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible | 4.3 |
| 2022-05-12 | CVE-2022-29928 | Information Exposure Through Log Files vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible | 4.0 |
| 2022-05-12 | CVE-2022-29929 | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible | 4.3 |
| 2022-05-12 | CVE-2022-29930 | Use of Insufficiently Random Values vulnerability in Jetbrains Ktor 2.0.0 SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. | 4.9 |