Latest Jetbrains Vulnerabilities

CVE-2024-31138
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings
Jetbrains Teamcity<2024.03
CVE-2024-31137
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
Jetbrains Teamcity<2024.03
CVE-2024-31135
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
Jetbrains Teamcity<2024.03
CVE-2024-27198
JetBrains TeamCity Authentication Bypass Vulnerability
Jetbrains Teamcity<2023.11.4
Jetbrains Teamcity
CVE-2023-40057
SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23477
SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23476
SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23478
SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23479
SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-24943
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image
Jetbrains Toolbox<2.2
CVE-2024-23917
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
Jetbrains Teamcity=2017.1
Jetbrains Teamcity=2017.2
Jetbrains Teamcity=2018.1
Jetbrains Teamcity=2018.2
Jetbrains Teamcity=2019.1
Jetbrains Teamcity=2019.2
and 18 more
CVE-2024-24942
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
Jetbrains Teamcity<2023.11.3
CVE-2024-24940
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
JetBrains IntelliJ IDEA<2023.3.3
CVE-2024-24941
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL
JetBrains IntelliJ IDEA<2023.3.3
CVE-2024-24939
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible
JetBrains Rider<2023.3.3
CVE-2024-24938
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
Jetbrains Teamcity<2023.11.2
CVE-2024-24937
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible
Jetbrains Teamcity<2023.11.2
CVE-2024-24936
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed
Jetbrains Teamcity<2023.11.2
CVE-2024-22370
In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible
Jetbrains Youtrack<2023.3.22666
CVE-2023-51655
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration
JetBrains IntelliJ IDEA<2023.3.2
CVE-2023-50870
In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible
Jetbrains Teamcity<2023.11.1
CVE-2023-50871
In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed
Jetbrains Youtrack<2023.3.22268
CVE-2023-45612
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
JetBrains Ktor<2.3.5
CVE-2023-45613
In JetBrains Ktor before 2.3.5 server certificates were not verified
JetBrains Ktor<2.3.5
CVE-2023-42793
JetBrains TeamCity Authentication Bypass Vulnerability
Jetbrains Teamcity<2023.05.4
Jetbrains Teamcity
Jetbrains Teamcity=2017.1
Jetbrains Teamcity=2017.2
Jetbrains Teamcity=2018.1
Jetbrains Teamcity=2018.2
and 19 more
CVE-2023-43566
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration
Jetbrains Teamcity<2023.05.4
CVE-2023-41248
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
Jetbrains Teamcity<2023.05.3
CVE-2023-41249
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step
Jetbrains Teamcity<2023.05.3
CVE-2023-41250
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration
Jetbrains Teamcity<2023.05.3
CVE-2023-39261
In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions
JetBrains IntelliJ IDEA<2023.2
CVE-2023-39173
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access
Jetbrains Teamcity<2023.05.2
CVE-2023-39175
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible
Jetbrains Teamcity<2023.05.2
CVE-2023-39174
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers
Jetbrains Teamcity<2023.05.2
CVE-2023-38069
In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases
JetBrains IntelliJ IDEA<2023.1.4
CVE-2023-38063
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
Jetbrains Teamcity<2023.05.1
CVE-2023-38068
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms
Jetbrains Youtrack<2023.1.16597
CVE-2023-38066
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
Jetbrains Teamcity<2023.05.1
CVE-2023-38064
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
Jetbrains Teamcity<2023.05.1
CVE-2023-38065
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
Jetbrains Teamcity<2023.05.1
CVE-2023-38062
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations
Jetbrains Teamcity<2023.05.1
CVE-2023-38061
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
Jetbrains Teamcity<2023.05.1
CVE-2023-38067
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
Jetbrains Teamcity<2023.05.1
CVE-2015-1313
Jetbrains Teamcity>=8.0<9.0.2
CVE-2023-35054
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible
Jetbrains Youtrack<2023.1.10518
CVE-2023-34339
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message
JetBrains Ktor<2.3.1
CVE-2023-34228
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
Jetbrains Teamcity<2023.05
CVE-2023-34221
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
Jetbrains Teamcity<2023.05
CVE-2023-34220
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
Jetbrains Teamcity<2023.05
CVE-2023-34219
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
Jetbrains Teamcity<2023.05
CVE-2023-34229
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
Jetbrains Teamcity<2023.05

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203