JetBrains Latest Vulnerabilities

September 16

HTML Injection Vulnerability in JetBrains IntelliJ IDEA Before 2024.1

CVE-2024-46970
JetBrains | IntelliJ IDEA | 3.3 | LOW

August 16

XSS vulnerability in TeamCity agentPushPreset page

CVE-2024-43809
JetBrains | TeamCity | 6.1 | MEDIUM

Self-XSS vulnerability in JetBrains TeamCity 2024.07.1 HashiCorp Vault plugin

CVE-2024-43808
JetBrains | TeamCity | 5.4 | MEDIUM

XSS vulnerability in TeamCity's AWS Core plugin

CVE-2024-43810
JetBrains | TeamCity | 5.4 | MEDIUM

Stored XSS vulnerability in TeamCity Clouds page

CVE-2024-43807
JetBrains | TeamCity | 5.4 | MEDIUM

August 6

Potential Privilege Escalation in TeamCity Before 2024.07.1

CVE-2024-43114
JetBrains | TeamCity | 7.8 | HIGH

July 22

Code Inspection Vulnerability in TeamCity Before 2024.07

CVE-2024-41825
JetBrains | TeamCity | 5.4 | MEDIUM

TeamCity OAuth Code Theft Vulnerability

CVE-2024-41829
JetBrains | TeamCity | 7.5 | HIGH

XSS vulnerability found in TeamCity before 2024.07

CVE-2024-41826
JetBrains | TeamCity | 4.8 | MEDIUM

Authorization Token Comparison Took Non-Constant Time in Previous Versions of TeamCity

CVE-2024-41828
JetBrains | TeamCity | 6.5 | MEDIUM

Password Leaks in TeamCity Build Logs

CVE-2024-41824
JetBrains | TeamCity | 6.5 | MEDIUM

Access Tokens Persisted After Deletion or Expiration in Previous JetBrains TeamCity Versions

CVE-2024-41827
JetBrains | TeamCity | 9.8 | CRITICAL

July 1

TeamCity Application Token Exposure in EC2 Cloud Profile Settings

CVE-2024-39879
JetBrains | TeamCity | 5 | MEDIUM

Private Key Exposure in TeamCity Before 2024.03.3

CVE-2024-39878
JetBrains | TeamCity | 4.1 | MEDIUM

June 18

XSS vulnerability in JetBrains Hub project descriptions

CVE-2024-38507
JetBrains | Hub | 5.4 | MEDIUM

Auto-attach vulnerability in YouTrack before 2024.2.34646

CVE-2024-38506
JetBrains | YouTrack | 8.1 | HIGH

YouTrack User Access Tokens Vulnerability

CVE-2024-38505
JetBrains | YouTrack | 7.5 | HIGH

Guest User Account Attachment Vulnerability

CVE-2024-38504
JetBrains | YouTrack | 5.3 | MEDIUM

June 10

CVE-2024-37051
JetBrains | IntelliJ IDEA | 7.5 | HIGH

May 29

Authentication Bypass Vulnerability in JetBrains TeamCity

CVE-2024-36470
JetBrains | TeamCity | 8.1 | HIGH

TeamCity Vulnerable to DoS Attacks via Incorrect Auth Tokens

CVE-2024-36378
JetBrains | TeamCity | 5.9 | MEDIUM

CVE-2024-36377
JetBrains | TeamCity | 6.5 | MEDIUM

Unauthorized Actions in TeamCity Before 2024.03.2

CVE-2024-36376
JetBrains | TeamCity | 6.5 | MEDIUM

TeamCity Server Security Vulnerability

CVE-2024-36375
JetBrains | TeamCity | 5.3 | MEDIUM

XSS vulnerability in TeamCity build step settings

CVE-2024-36374
JetBrains | TeamCity | 4.6 | MEDIUM

Stored XSS vulnerability in TeamCity untrusted builds settings

CVE-2024-36373
JetBrains | TeamCity | 4.6 | MEDIUM

XSS vulnerability in TeamCity subscriptions page

CVE-2024-36372
JetBrains | TeamCity | 4.6 | MEDIUM

Stored XSS vulnerability in Commit status publisher

CVE-2024-36371
JetBrains | TeamCity | 4.6 | MEDIUM

Stored XSS via OAuth Connection Settings in JetBrains TeamCity Before 2022.04.6, 2022.10.5, 2023.05.5, and 2023.11.5

CVE-2024-36370
JetBrains | TeamCity | 4.6 | MEDIUM

Stored XSS via Issue Tracker Integration in JetBrains TeamCity Before 2022.04.6, 2022.10.5, 2023.05.5, and 2023.11.5

CVE-2024-36369
JetBrains | TeamCity | 4.6 | MEDIUM

XSS via OAuth Provider Configuration in JetBrains TeamCity Before 2022.04.6, 2022.10.5, 2023.05.5, and 2023.11.5

CVE-2024-36368
JetBrains | TeamCity | 4.6 | MEDIUM

Stored XSS via Third-Party Reports in JetBrains TeamCity Before 2022.04.6, 2022.10.5, 2023.05.5, and 2023.11.5

CVE-2024-36367
JetBrains | TeamCity | 4.6 | MEDIUM

XSS vulnerability in TeamCity report grouping and filtering operations

CVE-2024-36366
JetBrains | TeamCity | 5.4 | MEDIUM

Third-Party Agent Could Impersonate Cloud Agent in JetBrains TeamCity Before Certain Versions

CVE-2024-36365
JetBrains | TeamCity | 6.8 | MEDIUM

Insecure Access Control in Pull Requests and Commit Status Publisher Build Features

CVE-2024-36364
JetBrains | TeamCity | 6.5 | MEDIUM

Stored XSS vulnerabilities in TeamCity code inspection reports

CVE-2024-36363
JetBrains | TeamCity | 4.6 | MEDIUM

Path Traversal Vulnerability in TeamCity Allows Reading of Server Files

CVE-2024-36362
JetBrains | TeamCity | 6.5 | MEDIUM

May 16

Stored XSS vulnerability in TeamCity before 2023.11

CVE-2024-35302
JetBrains | TeamCity | 5.4 | MEDIUM

TeamCity Vulnerability: GitHub App Token Scope Not Checked

CVE-2024-35301
JetBrains | TeamCity | 5.5 | MEDIUM

Stored XSS Vulnerabilities in TeamCity Available Updates Page

CVE-2024-35300
JetBrains | TeamCity | 3.5 | LOW

Certificate Hostname Validation Flaw in YouTrack Before 2024.1.29548

CVE-2024-35299
JetBrains | YouTrack | 5.9 | MEDIUM

March 28

Server Administrators Could Remove Arbitrary Files via Installation of Tools

CVE-2024-31140
JetBrains | TeamCity | 4.1 | MEDIUM

Maven build steps detector vulnerability

CVE-2024-31139
JetBrains | TeamCity | 5.9 | MEDIUM

TeamCity Vulnerability: XSS via Agent Distribution Settings

CVE-2024-31138
JetBrains | TeamCity | 4.6 | MEDIUM

TeamCity XSS Vulnerability

CVE-2024-31137
JetBrains | TeamCity | 6.1 | MEDIUM

2FA Bypass Vulnerability in JetBrains TeamCity Before 2024.03

CVE-2024-31136
JetBrains | TeamCity | 7.4 | HIGH

TeamCity Login Page Vulnerable to Open Redirect

CVE-2024-31135
JetBrains | TeamCity | 6.1 | MEDIUM

Unrestricted User Registration Vulnerability in JetBrains TeamCity Before 2024.03

CVE-2024-31134
JetBrains | TeamCity | 6.5 | MEDIUM

March 21

Agent Permissions Vulnerability Affects TeamCity Users

CVE-2024-29880
JetBrains | TeamCity | 4.2 | MEDIUM

March 7

Workflow Attachment/Detachment Vulnerability in YouTrack Before 2024.1.25893

CVE-2024-28230
JetBrains | YouTrack | 6.5 | MEDIUM

Security Vulnerability in YouTrack Allows Unauthorized Issue Restoration

CVE-2024-28229
JetBrains | YouTrack | 6.5 | MEDIUM

Arbitrary User Comments on Behalf of Others Allowed in YouTrack Before 2024.1.25893

CVE-2024-28228
JetBrains | YouTrack | 5.3 | MEDIUM

March 6

Improper Authorization of Presigned URL Generation Requests in S3 Artifact Storage Plugin

CVE-2024-28174
JetBrains | TeamCity | 5.8 | MEDIUM

Custom Build Parameters of Password Type Disclosed

CVE-2024-28173
JetBrains | TeamCity | 4.3 | MEDIUM

March 4

Path Traversal Vulnerability in TeamCity Allows Limited Admin Actions

CVE-2024-27199
JetBrains | TeamCity | 7.3 | HIGH

Authentication Bypass in JetBrains TeamCity Allows Admin Actions

CVE-2024-27198
JetBrains | TeamCity | 9.8 | CRITICAL

February 6

Toolbox App vulnerable to DoS attack via malicious SVG image

CVE-2024-24943
JetBrains | Toolbox App | 5.5 | MEDIUM

Authentication Bypass in TeamCity Could Lead to Remote Code Execution

CVE-2024-23917
JetBrains | TeamCity | 9.8 | CRITICAL

Path Traversal Vulnerability in TeamCity Affects JAR Archives

CVE-2024-24942
JetBrains | TeamCity | 5.3 | MEDIUM

Inappropriate Authentication Token Leak in JetBrains IntelliJ IDEA Before 2023.3.3

CVE-2024-24941
JetBrains | IntelliJ IDEA | 5.3 | MEDIUM

Path Traversal Vulnerability in IntelliJ IDEA Before 2023.3.3

CVE-2024-24940
JetBrains | IntelliJ IDEA | 4.3 | MEDIUM

Logging of Environment Variables Containing Secret Values Possible in JetBrains Rider Before 2023.3.3

CVE-2024-24939
JetBrains | Rider | 5.3 | MEDIUM

Directory Traversal Vulnerability in Kotlin DSL Documentation

CVE-2024-24938
JetBrains | TeamCity | 5.3 | MEDIUM

XSS vulnerability in TeamCity agent distribution

CVE-2024-24937
JetBrains | TeamCity | 5.4 | MEDIUM

Access Control Oversight in TeamCity Artifact Storage Plugin

CVE-2024-24936
JetBrains | TeamCity | 5.3 | MEDIUM

January 9

CVE-2024-22370
JetBrains | YouTrack | 4.6 | MEDIUM

December 21

CVE-2023-51655
JetBrains | IntelliJ IDEA | 6.3 | MEDIUM

December 15

CVE-2023-50871
JetBrains | YouTrack | 4.3 | MEDIUM

CVE-2023-50870
JetBrains | TeamCity | 4.3 | MEDIUM

October 9

CVE-2023-45613
JetBrains | Ktor | 9.1 | CRITICAL

CVE-2023-45612
JetBrains | Ktor | 9.8 | CRITICAL

September 19

Authentication Bypass Leads to Remote Code Execution in JetBrains TeamCity Before 2023.05.4

CVE-2023-42793
JetBrains | TeamCity | 9.8 | CRITICAL

CVE-2023-43566
JetBrains | TeamCity | 5.4 | MEDIUM

August 25

CVE-2023-41249
JetBrains | TeamCity | 6.1 | MEDIUM

CVE-2023-41248
JetBrains | TeamCity | 5.4 | MEDIUM

CVE-2023-41250
JetBrains | TeamCity | 6.1 | MEDIUM

July 26

CVE-2023-39261
JetBrains | IntelliJ IDEA | 7.8 | HIGH

July 25

CVE-2023-39174
JetBrains | TeamCity | 7.5 | HIGH

CVE-2023-39173
JetBrains | TeamCity | 8.8 | HIGH

CVE-2023-39175
JetBrains | TeamCity | 6.1 | MEDIUM

July 12

CVE-2023-38068
JetBrains | YouTrack | 7.3 | HIGH

CVE-2023-38065
JetBrains | TeamCity | 5.4 | MEDIUM

CVE-2023-38069
JetBrains | IntelliJ IDEA | 3.3 | LOW

CVE-2023-38064
JetBrains | TeamCity | 6.5 | MEDIUM

CVE-2023-38061
JetBrains | TeamCity | 5.4 | MEDIUM

CVE-2023-38066
JetBrains | TeamCity | 6.1 | MEDIUM

CVE-2023-38067
JetBrains | TeamCity | 6.5 | MEDIUM

CVE-2023-38062
JetBrains | TeamCity | 6.5 | MEDIUM

CVE-2023-38063
JetBrains | TeamCity | 5.4 | MEDIUM

June 29

CVE-2015-1313
JetBrains | TeamCity | 6.5 | MEDIUM

June 12

CVE-2023-35054
JetBrains | YouTrack | 5.4 | MEDIUM

CVE-2023-35053
JetBrains | YouTrack | 7.5 | HIGH

June 1

CVE-2023-34339
JetBrains | Ktor | 3.3 | LOW

May 31

CVE-2023-34219
JetBrains | TeamCity | 4.3 | MEDIUM

CVE-2023-34224
JetBrains | TeamCity | 4.8 | MEDIUM

CVE-2023-34226
JetBrains | TeamCity | 6.1 | MEDIUM

CVE-2023-34228
JetBrains | TeamCity | 6.5 | MEDIUM

CVE-2023-34222
JetBrains | TeamCity | 6.1 | MEDIUM

CVE-2023-34225
JetBrains | TeamCity | 5.4 | MEDIUM

CVE-2023-34220
JetBrains | TeamCity | 5.4 | MEDIUM