Filtered by vendor Jetbrains
Subscribe
Total
359 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15824 | 2 Jetbrains, Oracle | 3 Kotlin, Banking Extensibility Workbench, Communications Cloud Native Core Policy | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default. | |||||
| CVE-2017-8316 | 1 Jetbrains | 1 Intellij Idea | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml. | |||||
| CVE-2023-45613 | 1 Jetbrains | 1 Ktor | 2023-10-12 | N/A | 9.1 CRITICAL |
| In JetBrains Ktor before 2.3.5 server certificates were not verified | |||||
| CVE-2023-45612 | 1 Jetbrains | 1 Ktor | 2023-10-12 | N/A | 9.8 CRITICAL |
| In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE | |||||
| CVE-2023-42793 | 1 Jetbrains | 1 Teamcity | 2023-10-03 | N/A | 9.8 CRITICAL |
| In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | |||||
| CVE-2023-43566 | 1 Jetbrains | 1 Teamcity | 2023-09-21 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration | |||||
| CVE-2023-41250 | 1 Jetbrains | 1 Teamcity | 2023-08-28 | N/A | 6.1 MEDIUM |
| In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration | |||||
| CVE-2023-41249 | 1 Jetbrains | 1 Teamcity | 2023-08-28 | N/A | 6.1 MEDIUM |
| In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step | |||||
| CVE-2023-41248 | 1 Jetbrains | 1 Teamcity | 2023-08-28 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration | |||||
| CVE-2019-10103 | 1 Jetbrains | 1 Kotlin | 2023-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101. | |||||
| CVE-2019-10102 | 1 Jetbrains | 2 Kotlin, Ktor | 2023-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30. | |||||
| CVE-2019-10101 | 1 Jetbrains | 1 Kotlin | 2023-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. | |||||
| CVE-2022-24336 | 1 Jetbrains | 1 Teamcity | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. | |||||
| CVE-2021-25761 | 1 Jetbrains | 1 Ktor | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. | |||||
| CVE-2021-37540 | 1 Jetbrains | 1 Hub | 2023-08-08 | 6.4 MEDIUM | 6.5 MEDIUM |
| In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. | |||||
| CVE-2021-31898 | 1 Jetbrains | 1 Webstorm | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS. | |||||
| CVE-2022-24442 | 1 Jetbrains | 1 Youtrack | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. | |||||
| CVE-2022-24331 | 1 Jetbrains | 1 Teamcity | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. | |||||
| CVE-2022-25262 | 1 Jetbrains | 1 Hub | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. | |||||
| CVE-2023-39261 | 1 Jetbrains | 1 Intellij Idea | 2023-08-02 | N/A | 7.8 HIGH |
| In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions | |||||