GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5,...
CVSS 9.3, AI Score 6.9, EPSS 0.001
CVSS 3.5, AI Score 3.8, EPSS 0.0004
In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to...
CVSS 4.3, AI Score 4.8, EPSS 0.0004
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party...
CVSS 5.3, AI Score 5.3, EPSS 0.0004
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was...
CVSS 6.5, AI Score 6.7, EPSS 0.0004
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent...
CVSS 4.2, AI Score 6.8, EPSS 0.0004
In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for...
CVSS 6.3, AI Score 6.4, EPSS 0.0004
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG...
CVSS 5.5, AI Score 5.5, EPSS 0.0004
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was...
CVSS 4.6, AI Score 5.6, EPSS 0.0004
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were...
CVSS 4.6, AI Score 5.8, EPSS 0.0004
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was...
CVSS 6.5, AI Score 6.8, EPSS 0.0004
In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was...
CVSS 4.6, AI Score 5.7, EPSS 0.0004
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be...
CVSS 4.3, AI Score 4.7, EPSS 0.0004
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were...
CVSS 4.6, AI Score 6, EPSS 0.0004
In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname...
CVSS 5.9, AI Score 6.9, EPSS 0.0004
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App...
CVSS 5.5, AI Score 6.8, EPSS 0.0004
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was...
CVSS 4.6, AI Score 5.5, EPSS 0.0004
CVSS 5.4, AI Score 5.8, EPSS 0.0004
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge...
CVSS 8.1, AI Score 7.1, EPSS 0.0004
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud...
CVSS 6.8, AI Score 6.8, EPSS 0.0004
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was...
CVSS 5.3, AI Score 5.3, EPSS 0.0005
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was...
CVSS 4.6, AI Score 6, EPSS 0.0004
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was...
CVSS 4.6, AI Score 5.8, EPSS 0.0004
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering...
CVSS 5.4, AI Score 6, EPSS 0.0004
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was...
CVSS 5.9, AI Score 6.8, EPSS 0.0004
In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were...
CVSS 3.5, AI Score 5.8, EPSS 0.0004
In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin...
CVSS 6.5, AI Score 6.4, EPSS 0.0004
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized...
CVSS 5.8, AI Score 5.7, EPSS 0.0004
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was...
CVSS 4.6, AI Score 5.5, EPSS 0.0004
In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth...
CVSS 5.9, AI Score 6.8, EPSS 0.0004
CVSS 4.6, AI Score 5.5, EPSS 0.0004
In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their...
CVSS 6.5, AI Score 6.7, EPSS 0.0004
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL...
CVSS 7.4, AI Score 6.8, EPSS 0.0004
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was...
CVSS 6.5, AI Score 6.6, EPSS 0.0004
In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user...
CVSS 6.5, AI Score 7.2, EPSS 0.0004
In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be...
CVSS 5.3, AI Score 6.5, EPSS 0.0004
CVSS 5.4, AI Score 5.5, EPSS 0.001
CVSS 6.1, AI Score 6.8, EPSS 0.0005
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection...
CVSS 6.8, AI Score 6, EPSS 0.0005
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing...
CVSS 4.1, AI Score 7, EPSS 0.0004
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was...
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and...
CVSS 6.5, AI Score 6.5, EPSS 0.0004
In JetBrains YouTrack before 2024.1.25893 creating comments on behalf of an arbitrary user in HelpDesk was...
CVSS 5.3, AI Score 5.4, EPSS 0.0004
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR...
CVSS 5.3, AI Score 5.3, EPSS 0.0005
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was...
CVSS 5.3, AI Score 5.3, EPSS 0.0005
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL...
CVSS 5.3, AI Score 5.3, EPSS 0.0005
CVSS 5.4, AI Score 5.2, EPSS 0.0004
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate...
CVSS 6.1, AI Score 5.4, EPSS 0.0005