JETBRAINS:JETBRAINS-SECURITY-BULLETIN-Q2-2020
Published: Aug 06, 2020 - 12:00 a.m. (2020-08-06 00:00:00)

JetBrains Security Bulletin Q2 2020
Source: blog.jetbrains.com

CVSS2: 7.5 High
AV:N/AC:L/Au:N/C:P/I:P/A:P (Attack Vector: NETWORK; Attack Complexity: LOW; Authentication: NONE; Confidentiality Impact: PARTIAL; Integrity Impact: PARTIAL; Availability Impact: PARTIAL)

CVSS3: 8.8 High
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: LOW; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH)

AI Score: 6.8 Medium (Confidence: High)

EPSS: 0.004 Low (Percentile: 73.6%)


Author: Robert Demmer

In the second quarter of 2020, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved.

| Product | Description | Severity | Resolved in | CVE/CWE |
|---|---|---|---|---|
| Datalore | Stack trace disclosure. (DL-7350) | Low | Not applicable | CWE-536 |
| Datalore | Reverse tabnabbing was possible. (DL-7708) | Low | Not applicable | CWE-1022 |
| JetBrains Account | Throttling for reset password functionality was missing if 2FA was enabled. Reported by Manu Pranav. (JPF-10527) | Medium | 2020.06 | CWE-799 |
| JetBrains Website | Stack trace disclosure in case of an incorrect character in request. (JS-12490) | Low | Not applicable | CWE-536 |
| JetBrains Website | Reflected XSS on jetbrains.com subdomain. Reported by Ritik Chaddha. (JS-12562) | Low | Not applicable | CWE-79 |
| JetBrains Website | Open-redirect issues on kotlinconf.com. Reported by Ritik Chaddha. (JS-12581) | Low | Not applicable | CWE-601 |
| JetBrains Website | Clickjacking was possible on a non-existent page. Reported by Pravas Ranjan Kanungo. (JS-12835) | Low | Not applicable | CWE-1021 |
| YouTrack | Subtasks workflow could disclose the existence of an issue. (JT-45316) | Low | 2020.2.8527 | CVE-2020-15818 |
| YouTrack | An external user could execute commands against arbitrary issues. (JT-56848) | High | 2020.1.1331 | CVE-2020-15817 |
| YouTrack | SSRF vulnerability that allowed scanning internal ports. Reported by Evren Yalçın. (JT-56917) | Low | 2020.2.10643 | CVE-2020-15819 |
| YouTrack | It was possible to change a redirect from any existing YouTrack InCloud instance to another instance. (JT-57036) | Medium | 2020.1.3588 | CWE-601 |
| YouTrack | The markdown parser could disclose the existence of a hidden file. (JT-57235) | Low | 2020.2.6881 | CVE-2020-15820 |
| YouTrack | A user without the appropriate permissions could create an article draft. (JT-57649) | Medium | 2020.2.6881 | CVE-2020-15821 |
| YouTrack | The AWS metadata of a YouTrack InCloud instance was disclosed via SSRF in a workflow. Reported by Yurii Sanin. (JT-57964) | High | 2020.2.8873 | CVE-2020-15823 |
| YouTrack | SSRF was possible because URL filtering could be escaped. Reported by Yurii Sanin. (JT-58204) | Low | 2020.2.10514 | CVE-2020-15822 |
| Kotlin | Script cache privilege escalation vulnerability. Reported by Henrik Tunedal. (KT-38222) | Medium | 1.4.0 | CVE-2020-15824 |
| Space | Draft title was disclosed to a user without access to the draft. (SPACE-5594) | Low | Not applicable | CWE-200 |
| Space | A missing authorization check caused privilege escalation. Reported by Callum Carney. (SPACE-8034) | High | Not applicable | CWE-266 |
| Space | Blind SSRF via calendar import. Reported by Yurii Sanin. (SPACE-8273) | Medium | Not applicable | CWE-918 |
| Space | Drafts of direct messages sent from the iOS app could be sent to the channel. (SPACE-8377) | Low | Not applicable | CWE-200 |
| Space | Chat messages were propagated to the browser console. (SPACE-8386) | High | Not applicable | CWE-215 |
| Space | Missing authentication checks in Space Automation. (SPACE-8431) | Critical | Not applicable | CWE-306 |
| Space | Missing authentication checks in Job-related API. (SPACE-8822) | Low | Not applicable | CWE-306 |
| Space | Incorrect checks of public key content. (SPACE-9169) | Medium | Not applicable | CWE-287 |
| Space | Stored XSS via repository resource. (SPACE-9277) | High | Not applicable | CWE-79 |
| Toolbox App | Missing signature on “jetbrains-toolbox.exe”. (TBX-4671) | Low | 1.17.6856 | CVE-2020-15827 |
| TeamCity | Users were able to assign more permissions than they had. (TW-36158) | Low | 2020.1 | CVE-2020-15826 |
| TeamCity | Users with the “Modify group” permission could elevate other users’ privileges. (TW-58858) | Medium | 2020.1 | CVE-2020-15825 |
| TeamCity | Password parameters could be disclosed via build logs. (TW-64484) | Low | 2019.2.3 | CVE-2020-15829 |
| TeamCity | Project parameter values could be retrieved by a user without the appropriate permissions. (TW-64587) | High | 2020.1.1 | CVE-2020-15828 |
| TeamCity | Reflected XSS on administration UI. (TW-64668) | High | 2019.2.3 | CVE-2020-15831 |
| TeamCity | Stored XSS on administration UI. (TW-64699) | High | 2019.2.3 | CVE-2020-15830 |
| Upsource | Unauthorized access was possible through an error in accounts linking. (SDP-940) | Low | 2020.1 | CVE-2019-19704 |

If you need any further assistance, please contact our Security Team.

Subscribe to receive the bulletin in your mailbox.

Your JetBrains Team
The Drive to Develop


Affected configurations (Vulners; any of the following version ranges)

- jetbrains scala < 2020.06
- jetbrains youtrack < 2020.2.8527
- jetbrains youtrack < 2020.1.1331
- jetbrains youtrack < 2020.2.10643
- jetbrains youtrack < 2020.1.3588
- jetbrains youtrack < 2020.2.6881
- jetbrains youtrack < 2020.2.8873
- jetbrains youtrack < 2020.2.10514
- jetbrains kotlin < 1.4.0
- jetbrains toolbox < 1.17.6856
- jetbrains teamcity < 2020.1
- jetbrains teamcity < 2019.2.3
- jetbrains teamcity < 2020.1.1
- jetbrains upsource < 2020.1
