Jetbrains Security Vulnerabilities

CVE-2024-37051

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5,...

9.3CVSS

6.9AI Score

0.001EPSS

2024-06-10 04:15 PM
50

CVE-2024-38507

In JetBrains Hub before 2024.2.34646 stored XSS via project description was...

3.5CVSS

3.8AI Score

0.0004EPSS

2024-06-18 11:15 AM
20

CVE-2024-38504

In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to...

4.3CVSS

4.8AI Score

0.0004EPSS

2024-06-18 11:15 AM
22

CVE-2024-38505

In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-18 11:15 AM
22

CVE-2024-31134

In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-03-28 03:15 PM
32

CVE-2024-29880

In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent...

4.2CVSS

6.8AI Score

0.0004EPSS

2024-03-21 02:15 PM
34

CVE-2024-38506

In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-06-18 11:15 AM
22

CVE-2024-24943

In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG...

5.5CVSS

5.5AI Score

0.0004EPSS

2024-02-06 10:15 AM
87

CVE-2024-36367

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was...

4.6CVSS

5.6AI Score

0.0004EPSS

2024-05-29 02:15 PM
21

CVE-2024-36373

In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were...

4.6CVSS

5.8AI Score

0.0004EPSS

2024-05-29 02:15 PM
23

CVE-2024-36364

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-05-29 02:15 PM
22

CVE-2024-36371

In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was...

4.6CVSS

5.7AI Score

0.0004EPSS

2024-05-29 02:15 PM
23

CVE-2024-28173

In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-03-06 05:15 PM
32

CVE-2024-36363

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were...

4.6CVSS

6AI Score

0.0004EPSS

2024-05-29 02:15 PM
21

CVE-2024-35299

In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname...

5.9CVSS

6.9AI Score

0.0004EPSS

2024-05-16 11:15 AM
25

CVE-2024-35301

In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App...

5.5CVSS

6.8AI Score

0.0004EPSS

2024-05-16 11:15 AM
25

CVE-2024-36370

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was...

4.6CVSS

5.5AI Score

0.0004EPSS

2024-05-29 02:15 PM
23

CVE-2024-35302

In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was...

5.4CVSS

5.8AI Score

0.0004EPSS

2024-05-16 11:15 AM
26

CVE-2024-23917

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was...

9.8CVSS

9.7AI Score

0.044EPSS

2024-02-06 10:15 AM
63
In Wild

CVE-2024-36470

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge...

8.1CVSS

7.1AI Score

0.0004EPSS

2024-05-29 02:15 PM
27

CVE-2024-36365

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud...

6.8CVSS

6.8AI Score

0.0004EPSS

2024-05-29 02:15 PM
22

CVE-2024-24939

In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was...

5.3CVSS

5.3AI Score

0.0005EPSS

2024-02-06 10:15 AM
16

CVE-2024-36372

In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was...

4.6CVSS

6AI Score

0.0004EPSS

2024-05-29 02:15 PM
21

CVE-2024-36368

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was...

4.6CVSS

5.8AI Score

0.0004EPSS

2024-05-29 02:15 PM
25

CVE-2024-36366

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering...

5.4CVSS

6AI Score

0.0004EPSS

2024-05-29 02:15 PM
25

CVE-2024-27198

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was...

9.8CVSS

9.6AI Score

0.972EPSS

2024-03-04 06:15 PM
159
In Wild

CVE-2024-31139

In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps...

5.9CVSS

6.8AI Score

0.0004EPSS

2024-03-28 03:15 PM
32

CVE-2024-35300

In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were...

3.5CVSS

5.8AI Score

0.0004EPSS

2024-05-16 11:15 AM
28

CVE-2024-28230

In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-03-07 12:15 PM
29

CVE-2024-28174

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized...

5.8CVSS

5.7AI Score

0.0004EPSS

2024-03-06 05:15 PM
31

CVE-2024-36369

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was...

4.6CVSS

5.5AI Score

0.0004EPSS

2024-05-29 02:15 PM
22

CVE-2024-36378

In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth...

5.9CVSS

6.8AI Score

0.0004EPSS

2024-05-29 02:15 PM
22

CVE-2024-36374

In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was...

4.6CVSS

5.5AI Score

0.0004EPSS

2024-05-29 02:15 PM
22

CVE-2024-36376

In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-05-29 02:15 PM
22

CVE-2024-31136

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL...

7.4CVSS

6.8AI Score

0.0004EPSS

2024-03-28 03:15 PM
24

CVE-2024-36362

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-05-29 02:15 PM
25

CVE-2024-36377

In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user...

6.5CVSS

7.2AI Score

0.0004EPSS

2024-05-29 02:15 PM
25

CVE-2024-36375

In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be...

5.3CVSS

6.5AI Score

0.0004EPSS

2024-05-29 02:15 PM
24

CVE-2024-31138

In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution...

5.4CVSS

5.5AI Score

0.001EPSS

2024-03-28 03:15 PM
33

CVE-2024-31135

In JetBrains TeamCity before 2024.03 open redirect was possible on the login...

6.1CVSS

6.8AI Score

0.0005EPSS

2024-03-28 03:15 PM
30

CVE-2024-31137

In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection...

6.8CVSS

6AI Score

0.0005EPSS

2024-03-28 03:15 PM
29

CVE-2024-31140

In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing...

4.1CVSS

7AI Score

0.0004EPSS

2024-03-28 03:15 PM
25

CVE-2024-27199

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was...

7.3CVSS

8.3AI Score

0.009EPSS

2024-03-04 06:15 PM
80
In Wild

CVE-2024-28229

In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-03-07 12:15 PM
33

CVE-2024-28228

In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-03-07 12:15 PM
32

CVE-2024-24942

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR...

5.3CVSS

5.3AI Score

0.0005EPSS

2024-02-06 10:15 AM
24

CVE-2024-24936

In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was...

5.3CVSS

5.3AI Score

0.0005EPSS

2024-02-06 10:15 AM
13

CVE-2024-24938

In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL...

5.3CVSS

5.3AI Score

0.0005EPSS

2024-02-06 10:15 AM
11

CVE-2024-24937

In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was...

5.4CVSS

5.2AI Score

0.0004EPSS

2024-02-06 10:15 AM
12

CVE-2024-24941

In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate...

6.1CVSS

5.4AI Score

0.0005EPSS

2024-02-06 10:15 AM
15
Total number of security vulnerabilities: 396