jetbrains CVE Vulnerabilities & Metrics

Focus on jetbrains vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About jetbrains Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with jetbrains. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.


Global CVE Overview

Total jetbrains CVEs: 437
Earliest CVE date: 13 Jan 2015, 11:59 UTC
Latest CVE date: 21 Jan 2025, 18:15 UTC

Latest CVE reference: CVE-2025-24461

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 92

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 35.29%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 35.29%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical jetbrains CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.93

Max CVSS: 10.0

Critical CVEs (≥9): 3

CVSS Range vs. Count

Range Count
0.0-3.9 211
4.0-6.9 192
7.0-8.9 31
9.0-10.0 3

CVSS Distribution Chart

Top 5 Highest CVSS jetbrains CVEs

These are the five CVEs with the highest CVSS scores for jetbrains, sorted by severity first and then by recency.

All CVEs for jetbrains

CVE-2025-24461 jetbrains vulnerability CVSS: 0 21 Jan 2025, 18:15 UTC

In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint

CVE-2025-24460 jetbrains vulnerability CVSS: 0 21 Jan 2025, 18:15 UTC

In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool

CVE-2025-24459 jetbrains vulnerability CVSS: 0 21 Jan 2025, 18:15 UTC

In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page

CVE-2025-24458 jetbrains vulnerability CVSS: 0 21 Jan 2025, 18:15 UTC

In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration

CVE-2025-24457 jetbrains vulnerability CVSS: 0 21 Jan 2025, 18:15 UTC

In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs

CVE-2025-24456 jetbrains vulnerability CVSS: 0 21 Jan 2025, 18:15 UTC

In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping

CVE-2024-56356 jetbrains vulnerability CVSS: 0 20 Dec 2024, 15:15 UTC

In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack

CVE-2024-56355 jetbrains vulnerability CVSS: 0 20 Dec 2024, 15:15 UTC

In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS

CVE-2024-56354 jetbrains vulnerability CVSS: 0 20 Dec 2024, 15:15 UTC

In JetBrains TeamCity before 2024.12 password field values were accessible to users with view settings permission

CVE-2024-56353 jetbrains vulnerability CVSS: 0 20 Dec 2024, 15:15 UTC

In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies

CVE-2024-56352 jetbrains vulnerability CVSS: 0 20 Dec 2024, 15:15 UTC

In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page

CVE-2024-56351 jetbrains vulnerability CVSS: 0 20 Dec 2024, 15:15 UTC

In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles

CVE-2024-56350 jetbrains vulnerability CVSS: 0 20 Dec 2024, 15:15 UTC

In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects

CVE-2024-56349 jetbrains vulnerability CVSS: 0 20 Dec 2024, 15:15 UTC

In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs

CVE-2024-56348 jetbrains vulnerability CVSS: 0 20 Dec 2024, 15:15 UTC

In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents

CVE-2024-54158 jetbrains vulnerability CVSS: 0 04 Dec 2024, 12:15 UTC

In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding

CVE-2024-54157 jetbrains vulnerability CVSS: 0 04 Dec 2024, 12:15 UTC

In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector

CVE-2024-54156 jetbrains vulnerability CVSS: 0 04 Dec 2024, 12:15 UTC

In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack

CVE-2024-54155 jetbrains vulnerability CVSS: 0 04 Dec 2024, 12:15 UTC

In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication

CVE-2024-54154 jetbrains vulnerability CVSS: 0 04 Dec 2024, 12:15 UTC

In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox

CVE-2024-54153 jetbrains vulnerability CVSS: 0 04 Dec 2024, 12:15 UTC

In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter

CVE-2024-52555 jetbrains vulnerability CVSS: 0 15 Nov 2024, 16:15 UTC

In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script

CVE-2024-50582 jetbrains vulnerability CVSS: 0 28 Oct 2024, 13:15 UTC

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements

CVE-2024-50581 jetbrains vulnerability CVSS: 0 28 Oct 2024, 13:15 UTC

In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag

CVE-2024-50580 jetbrains vulnerability CVSS: 0 28 Oct 2024, 13:15 UTC

In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule

CVE-2024-50579 jetbrains vulnerability CVSS: 0 28 Oct 2024, 13:15 UTC

In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible

CVE-2024-50578 jetbrains vulnerability CVSS: 0 28 Oct 2024, 13:15 UTC

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page

CVE-2024-50577 jetbrains vulnerability CVSS: 0 28 Oct 2024, 13:15 UTC

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings

CVE-2024-50576 jetbrains vulnerability CVSS: 0 28 Oct 2024, 13:15 UTC

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest

CVE-2024-50575 jetbrains vulnerability CVSS: 0 28 Oct 2024, 13:15 UTC

In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API

CVE-2024-50574 jetbrains vulnerability CVSS: 0 28 Oct 2024, 13:15 UTC

In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality

CVE-2024-50573 jetbrains vulnerability CVSS: 0 28 Oct 2024, 13:15 UTC

In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services

CVE-2024-49580 jetbrains vulnerability CVSS: 0 17 Oct 2024, 13:15 UTC

In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure

CVE-2024-49579 jetbrains vulnerability CVSS: 0 17 Oct 2024, 13:15 UTC

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests

CVE-2024-48902 jetbrains vulnerability CVSS: 0 10 Oct 2024, 11:15 UTC

In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API

CVE-2024-47951 jetbrains vulnerability CVSS: 0 08 Oct 2024, 16:15 UTC

In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings

CVE-2024-47950 jetbrains vulnerability CVSS: 0 08 Oct 2024, 16:15 UTC

In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings

CVE-2024-47949 jetbrains vulnerability CVSS: 0 08 Oct 2024, 16:15 UTC

In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location

CVE-2024-47948 jetbrains vulnerability CVSS: 0 08 Oct 2024, 16:15 UTC

In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups

CVE-2024-47161 jetbrains vulnerability CVSS: 0 08 Oct 2024, 16:15 UTC

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API

CVE-2024-47162 jetbrains vulnerability CVSS: 0 19 Sep 2024, 18:15 UTC

In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page

CVE-2024-47160 jetbrains vulnerability CVSS: 0 19 Sep 2024, 18:15 UTC

In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible

CVE-2024-47159 jetbrains vulnerability CVSS: 0 19 Sep 2024, 18:15 UTC

In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project

CVE-2024-46970 jetbrains vulnerability CVSS: 0 16 Sep 2024, 11:15 UTC

In JetBrains IntelliJ IDEA before 2024.1 HTML injection via the project name was possible

CVE-2024-43810 jetbrains vulnerability CVSS: 0 16 Aug 2024, 15:15 UTC

In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin

CVE-2024-43809 jetbrains vulnerability CVSS: 0 16 Aug 2024, 15:15 UTC

In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page

CVE-2024-43808 jetbrains vulnerability CVSS: 0 16 Aug 2024, 15:15 UTC

In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin

CVE-2024-43807 jetbrains vulnerability CVSS: 0 16 Aug 2024, 15:15 UTC

In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page

CVE-2024-43114 jetbrains vulnerability CVSS: 0 06 Aug 2024, 13:15 UTC

In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions

CVE-2024-41829 jetbrains vulnerability CVSS: 0 22 Jul 2024, 15:15 UTC

In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection

CVE-2024-41828 jetbrains vulnerability CVSS: 0 22 Jul 2024, 15:15 UTC

In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time

CVE-2024-41827 jetbrains vulnerability CVSS: 0 22 Jul 2024, 15:15 UTC

In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration

CVE-2024-41826 jetbrains vulnerability CVSS: 0 22 Jul 2024, 15:15 UTC

In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page

CVE-2024-41825 jetbrains vulnerability CVSS: 0 22 Jul 2024, 15:15 UTC

In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab

CVE-2024-41824 jetbrains vulnerability CVSS: 0 22 Jul 2024, 15:15 UTC

In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases

CVE-2024-39879 jetbrains vulnerability CVSS: 0 01 Jul 2024, 17:15 UTC

In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings

CVE-2024-39878 jetbrains vulnerability CVSS: 0 01 Jul 2024, 17:15 UTC

In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection

CVE-2024-38507 jetbrains vulnerability CVSS: 0 18 Jun 2024, 11:15 UTC

In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible

CVE-2024-38506 jetbrains vulnerability CVSS: 0 18 Jun 2024, 11:15 UTC

In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows

CVE-2024-38505 jetbrains vulnerability CVSS: 0 18 Jun 2024, 11:15 UTC

In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site

CVE-2024-38504 jetbrains vulnerability CVSS: 0 18 Jun 2024, 11:15 UTC

In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles

CVE-2024-37051 jetbrains vulnerability CVSS: 0 10 Jun 2024, 16:15 UTC

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4

CVE-2024-36470 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases

CVE-2024-36378 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens

CVE-2024-36377 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions

CVE-2024-36376 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions

CVE-2024-36375 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed

CVE-2024-36374 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible

CVE-2024-36373 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible

CVE-2024-36372 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible

CVE-2024-36371 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible

CVE-2024-36370 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible

CVE-2024-36369 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible

CVE-2024-36368 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible

CVE-2024-36367 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible

CVE-2024-36366 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations

CVE-2024-36365 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent

CVE-2024-36364 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible

CVE-2024-36363 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible

CVE-2024-36362 jetbrains vulnerability CVSS: 0 29 May 2024, 14:15 UTC

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible

CVE-2024-35302 jetbrains vulnerability CVSS: 0 16 May 2024, 11:15 UTC

In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible

CVE-2024-35301 jetbrains vulnerability CVSS: 0 16 May 2024, 11:15 UTC

In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token

CVE-2024-35300 jetbrains vulnerability CVSS: 0 16 May 2024, 11:15 UTC

In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible

CVE-2024-35299 jetbrains vulnerability CVSS: 0 16 May 2024, 11:15 UTC

In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation

CVE-2024-31140 jetbrains vulnerability CVSS: 0 28 Mar 2024, 15:15 UTC

In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools

CVE-2024-31139 jetbrains vulnerability CVSS: 0 28 Mar 2024, 15:15 UTC

In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector

CVE-2024-31138 jetbrains vulnerability CVSS: 0 28 Mar 2024, 15:15 UTC

In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings

CVE-2024-31137 jetbrains vulnerability CVSS: 0 28 Mar 2024, 15:15 UTC

In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration

CVE-2024-31136 jetbrains vulnerability CVSS: 0 28 Mar 2024, 15:15 UTC

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter

CVE-2024-31135 jetbrains vulnerability CVSS: 0 28 Mar 2024, 15:15 UTC

In JetBrains TeamCity before 2024.03 open redirect was possible on the login page

CVE-2024-31134 jetbrains vulnerability CVSS: 0 28 Mar 2024, 15:15 UTC

In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled

CVE-2024-29880 jetbrains vulnerability CVSS: 0 21 Mar 2024, 14:15 UTC

In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process

CVE-2024-28230 jetbrains vulnerability CVSS: 0 07 Mar 2024, 12:15 UTC

In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions

CVE-2024-28229 jetbrains vulnerability CVSS: 0 07 Mar 2024, 12:15 UTC

In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles

CVE-2024-28228 jetbrains vulnerability CVSS: 0 07 Mar 2024, 12:15 UTC

In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible

CVE-2024-28174 jetbrains vulnerability CVSS: 0 06 Mar 2024, 17:15 UTC

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly

CVE-2024-28173 jetbrains vulnerability CVSS: 0 06 Mar 2024, 17:15 UTC

In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed

CVE-2024-27199 jetbrains vulnerability CVSS: 0 04 Mar 2024, 18:15 UTC

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

CVE-2024-27198 jetbrains vulnerability CVSS: 0 04 Mar 2024, 18:15 UTC

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

CVE-2024-24943 jetbrains vulnerability CVSS: 0 06 Feb 2024, 10:15 UTC

In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image

CVE-2024-24942 jetbrains vulnerability CVSS: 0 06 Feb 2024, 10:15 UTC

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives

CVE-2024-24941 jetbrains vulnerability CVSS: 0 06 Feb 2024, 10:15 UTC

In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL

CVE-2024-24940 jetbrains vulnerability CVSS: 0 06 Feb 2024, 10:15 UTC

In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives

CVE-2024-24939 jetbrains vulnerability CVSS: 0 06 Feb 2024, 10:15 UTC

In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible

CVE-2024-24938 jetbrains vulnerability CVSS: 0 06 Feb 2024, 10:15 UTC

In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation

CVE-2024-24937 jetbrains vulnerability CVSS: 0 06 Feb 2024, 10:15 UTC

In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible

CVE-2024-24936 jetbrains vulnerability CVSS: 0 06 Feb 2024, 10:15 UTC

In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed

CVE-2024-23917 jetbrains vulnerability CVSS: 0 06 Feb 2024, 10:15 UTC

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible

CVE-2024-22370 jetbrains vulnerability CVSS: 0 09 Jan 2024, 10:15 UTC

In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible

CVE-2023-51655 jetbrains vulnerability CVSS: 0 21 Dec 2023, 10:15 UTC

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration

CVE-2023-50871 jetbrains vulnerability CVSS: 0 15 Dec 2023, 14:15 UTC

In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed

CVE-2023-50870 jetbrains vulnerability CVSS: 0 15 Dec 2023, 14:15 UTC

In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible

CVE-2023-45613 jetbrains vulnerability CVSS: 0 09 Oct 2023, 11:15 UTC

In JetBrains Ktor before 2.3.5 server certificates were not verified

CVE-2023-45612 jetbrains vulnerability CVSS: 0 09 Oct 2023, 11:15 UTC

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE

CVE-2023-43566 jetbrains vulnerability CVSS: 0 19 Sep 2023, 17:15 UTC

In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration

CVE-2023-42793 jetbrains vulnerability CVSS: 0 19 Sep 2023, 17:15 UTC

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

CVE-2023-41250 jetbrains vulnerability CVSS: 0 25 Aug 2023, 13:15 UTC

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration

CVE-2023-41249 jetbrains vulnerability CVSS: 0 25 Aug 2023, 13:15 UTC

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step

CVE-2023-41248 jetbrains vulnerability CVSS: 0 25 Aug 2023, 13:15 UTC

In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration

CVE-2023-39261 jetbrains vulnerability CVSS: 0 26 Jul 2023, 13:15 UTC

In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions

CVE-2023-39175 jetbrains vulnerability CVSS: 0 25 Jul 2023, 15:15 UTC

In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible

CVE-2023-39174 jetbrains vulnerability CVSS: 0 25 Jul 2023, 15:15 UTC

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers

CVE-2023-39173 jetbrains vulnerability CVSS: 0 25 Jul 2023, 15:15 UTC

In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access

CVE-2023-38069 jetbrains vulnerability CVSS: 0 12 Jul 2023, 13:15 UTC

In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases

CVE-2023-38068 jetbrains vulnerability CVSS: 0 12 Jul 2023, 13:15 UTC

In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms

CVE-2023-38067 jetbrains vulnerability CVSS: 0 12 Jul 2023, 13:15 UTC

In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log

CVE-2023-38066 jetbrains vulnerability CVSS: 0 12 Jul 2023, 13:15 UTC

In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads

CVE-2023-38065 jetbrains vulnerability CVSS: 0 12 Jul 2023, 13:15 UTC

In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible

CVE-2023-38064 jetbrains vulnerability CVSS: 0 12 Jul 2023, 13:15 UTC

In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log

CVE-2023-38063 jetbrains vulnerability CVSS: 0 12 Jul 2023, 13:15 UTC

In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible

CVE-2023-38062 jetbrains vulnerability CVSS: 0 12 Jul 2023, 13:15 UTC

In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations

CVE-2023-38061 jetbrains vulnerability CVSS: 0 12 Jul 2023, 13:15 UTC

In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible

CVE-2015-1313 jetbrains vulnerability CVSS: 0 29 Jun 2023, 15:15 UTC

JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.

CVE-2023-35054 jetbrains vulnerability CVSS: 0 12 Jun 2023, 16:15 UTC

In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible

CVE-2023-35053 jetbrains vulnerability CVSS: 0 12 Jun 2023, 16:15 UTC

In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms

CVE-2023-34339 jetbrains vulnerability CVSS: 0 01 Jun 2023, 19:15 UTC

In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message

CVE-2023-34229 jetbrains vulnerability CVSS: 0 31 May 2023, 14:15 UTC

In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible

CVE-2023-34228 jetbrains vulnerability CVSS: 0 31 May 2023, 14:15 UTC

In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions

CVE-2023-34227 jetbrains vulnerability CVSS: 0 31 May 2023, 14:15 UTC

In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks

CVE-2023-34226 jetbrains vulnerability CVSS: 0 31 May 2023, 14:15 UTC

In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible

CVE-2023-34225 jetbrains vulnerability CVSS: 0 31 May 2023, 14:15 UTC

In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible

CVE-2023-34224 jetbrains vulnerability CVSS: 0 31 May 2023, 14:15 UTC

In JetBrains TeamCity before 2023.05 open redirect during OAuth configuration was possible

CVE-2023-34223 jetbrains vulnerability CVSS: 0 31 May 2023, 14:15 UTC

In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases

CVE-2023-34222 jetbrains vulnerability CVSS: 0 31 May 2023, 14:15 UTC

In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible

CVE-2023-34221 jetbrains vulnerability CVSS: 0 31 May 2023, 14:15 UTC

In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible

CVE-2023-34220 jetbrains vulnerability CVSS: 0 31 May 2023, 14:15 UTC

In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible

CVE-2023-34219 jetbrains vulnerability CVSS: 0 31 May 2023, 14:15 UTC

In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API

CVE-2023-34218 jetbrains vulnerability CVSS: 0 31 May 2023, 14:15 UTC

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible

CVE-2022-48481 jetbrains vulnerability CVSS: 0 28 Apr 2023, 10:15 UTC

In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible

CVE-2022-48477 jetbrains vulnerability CVSS: 0 24 Apr 2023, 13:15 UTC

In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing

CVE-2022-48476 jetbrains vulnerability CVSS: 0 24 Apr 2023, 13:15 UTC

In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible

CVE-2022-48435 jetbrains vulnerability CVSS: 0 04 Apr 2023, 14:15 UTC

In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file

CVE-2022-48433 jetbrains vulnerability CVSS: 0 29 Mar 2023, 13:15 UTC

In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.

CVE-2022-48432 jetbrains vulnerability CVSS: 0 29 Mar 2023, 13:15 UTC

In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.

CVE-2022-48431 jetbrains vulnerability CVSS: 0 29 Mar 2023, 13:15 UTC

In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.

CVE-2022-48430 jetbrains vulnerability CVSS: 0 29 Mar 2023, 13:15 UTC

In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.

CVE-2022-48428 jetbrains vulnerability CVSS: 0 27 Mar 2023, 17:15 UTC

In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible

CVE-2022-48427 jetbrains vulnerability CVSS: 0 27 Mar 2023, 17:15 UTC

In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible

CVE-2022-48429 jetbrains vulnerability CVSS: 0 27 Mar 2023, 16:15 UTC

In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible

CVE-2022-48426 jetbrains vulnerability CVSS: 0 27 Mar 2023, 16:15 UTC

In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible

CVE-2022-48344 jetbrains vulnerability CVSS: 0 23 Feb 2023, 16:15 UTC

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.

CVE-2022-48343 jetbrains vulnerability CVSS: 0 23 Feb 2023, 16:15 UTC

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

CVE-2022-48342 jetbrains vulnerability CVSS: 0 23 Feb 2023, 16:15 UTC

In JetBrains TeamCity before 2022.10.2 JVMTI was enabled by default on agents.

CVE-2022-47896 jetbrains vulnerability CVSS: 0 22 Dec 2022, 11:15 UTC

In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.

CVE-2022-47895 jetbrains vulnerability CVSS: 0 22 Dec 2022, 11:15 UTC

In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.

CVE-2022-46831 jetbrains vulnerability CVSS: 0 08 Dec 2022, 18:15 UTC

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

CVE-2022-46830 jetbrains vulnerability CVSS: 0 08 Dec 2022, 18:15 UTC

In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.

CVE-2022-46828 jetbrains vulnerability CVSS: 0 08 Dec 2022, 18:15 UTC

In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.

CVE-2022-46827 jetbrains vulnerability CVSS: 0 08 Dec 2022, 18:15 UTC

In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.

CVE-2022-46826 jetbrains vulnerability CVSS: 0 08 Dec 2022, 18:15 UTC

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.

CVE-2022-46825 jetbrains vulnerability CVSS: 0 08 Dec 2022, 18:15 UTC

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.

CVE-2022-46824 jetbrains vulnerability CVSS: 0 08 Dec 2022, 18:15 UTC

In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.

CVE-2022-45471 jetbrains vulnerability CVSS: 0 18 Nov 2022, 15:15 UTC

In JetBrains Hub before 2022.3.15181 throttling was missing when sending emails to a particular email address.

CVE-2022-44646 jetbrains vulnerability CVSS: 0 03 Nov 2022, 14:15 UTC

In JetBrains TeamCity versions before 2022.10, no audit items were added upon editing a user's settings.

CVE-2022-44624 jetbrains vulnerability CVSS: 0 03 Nov 2022, 14:15 UTC

In JetBrains TeamCity versions before 2022.10, password parameters could be exposed in the build log if they contained special characters.

CVE-2022-44623 jetbrains vulnerability CVSS: 0 03 Nov 2022, 14:15 UTC

In JetBrains TeamCity versions before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings.

CVE-2022-44622 jetbrains vulnerability CVSS: 0 03 Nov 2022, 14:15 UTC

In JetBrains TeamCity versions between 2021.2 and 2022.10 access permissions for secure token health items were excessive.

CVE-2022-40979 jetbrains vulnerability CVSS: 0 23 Sep 2022, 11:15 UTC

In JetBrains TeamCity before 2022.04.4 environment variables of "password" type could be logged when using a custom Perforce executable.

CVE-2022-40978 jetbrains vulnerability CVSS: 0 19 Sep 2022, 16:15 UTC

The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking

CVE-2022-38180 jetbrains vulnerability CVSS: 0 12 Aug 2022, 10:15 UTC

In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases

CVE-2022-38179 jetbrains vulnerability CVSS: 0 12 Aug 2022, 10:15 UTC

JetBrains Ktor before 2.1.0 was vulnerable to the Reflected File Download attack.

CVE-2022-38133 jetbrains vulnerability CVSS: 0 10 Aug 2022, 16:15 UTC

In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases

CVE-2022-37396 jetbrains vulnerability CVSS: 0 03 Aug 2022, 16:15 UTC

In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution

CVE-2022-37010 jetbrains vulnerability CVSS: 0 28 Jul 2022, 11:15 UTC

In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missing.

CVE-2022-37009 jetbrains vulnerability CVSS: 0 28 Jul 2022, 11:15 UTC

In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible

CVE-2022-36322 jetbrains vulnerability CVSS: 0 20 Jul 2022, 13:15 UTC

In JetBrains TeamCity before 2022.04.2 build parameter injection was possible

CVE-2022-36321 jetbrains vulnerability CVSS: 0 20 Jul 2022, 13:15 UTC

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases

CVE-2022-34894 jetbrains vulnerability CVSS: 5.0 01 Jul 2022, 10:15 UTC

In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services

CVE-2022-29930 jetbrains vulnerability CVSS: 4.0 12 May 2022, 09:15 UTC

SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.

CVE-2022-29929 jetbrains vulnerability CVSS: 4.3 12 May 2022, 09:15 UTC

In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible

CVE-2022-29928 jetbrains vulnerability CVSS: 4.0 12 May 2022, 09:15 UTC

In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible

CVE-2022-29927 jetbrains vulnerability CVSS: 4.3 12 May 2022, 09:15 UTC

In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible

CVE-2022-29821 jetbrains vulnerability CVSS: 4.4 28 Apr 2022, 10:15 UTC

In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible

CVE-2022-29820 jetbrains vulnerability CVSS: 3.3 28 Apr 2022, 10:15 UTC

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible

CVE-2022-29819 jetbrains vulnerability CVSS: 4.4 28 Apr 2022, 10:15 UTC

In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible

CVE-2022-29818 jetbrains vulnerability CVSS: 3.6 28 Apr 2022, 10:15 UTC

In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed

CVE-2022-29817 jetbrains vulnerability CVSS: 4.3 28 Apr 2022, 10:15 UTC

In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible

CVE-2022-29816 jetbrains vulnerability CVSS: 2.1 28 Apr 2022, 10:15 UTC

In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible

CVE-2022-29815 jetbrains vulnerability CVSS: 4.6 28 Apr 2022, 10:15 UTC

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible

CVE-2022-29814 jetbrains vulnerability CVSS: 4.4 28 Apr 2022, 10:15 UTC

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible

CVE-2022-29813 jetbrains vulnerability CVSS: 4.6 28 Apr 2022, 10:15 UTC

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible

CVE-2022-29812 jetbrains vulnerability CVSS: 2.1 28 Apr 2022, 10:15 UTC

In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient

CVE-2022-29811 jetbrains vulnerability CVSS: 3.5 28 Apr 2022, 10:15 UTC

In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.

CVE-2022-29035 jetbrains vulnerability CVSS: 4.0 11 Apr 2022, 19:15 UTC

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations

CVE-2022-28651 jetbrains vulnerability CVSS: 2.1 05 Apr 2022, 18:15 UTC

In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields

CVE-2022-28650 jetbrains vulnerability CVSS: 3.5 05 Apr 2022, 18:15 UTC

In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI

CVE-2022-28649 jetbrains vulnerability CVSS: 3.5 05 Apr 2022, 18:15 UTC

In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description

CVE-2022-28648 jetbrains vulnerability CVSS: 3.5 05 Apr 2022, 18:15 UTC

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered

CVE-2022-25264 jetbrains vulnerability CVSS: 5.0 25 Feb 2022, 20:15 UTC

In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.

CVE-2022-25263 jetbrains vulnerability CVSS: 7.5 25 Feb 2022, 20:15 UTC

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.

CVE-2022-25262 jetbrains vulnerability CVSS: 7.5 25 Feb 2022, 20:15 UTC

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.

CVE-2022-25261 jetbrains vulnerability CVSS: 4.3 25 Feb 2022, 20:15 UTC

JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.

CVE-2022-25260 jetbrains vulnerability CVSS: 6.4 25 Feb 2022, 20:15 UTC

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).

CVE-2022-25259 jetbrains vulnerability CVSS: 4.3 25 Feb 2022, 20:15 UTC

JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.

CVE-2022-24442 jetbrains vulnerability CVSS: 7.5 25 Feb 2022, 20:15 UTC

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

CVE-2022-24347 jetbrains vulnerability CVSS: 3.5 25 Feb 2022, 15:15 UTC

JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.

CVE-2022-24346 jetbrains vulnerability CVSS: 4.6 25 Feb 2022, 15:15 UTC

In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible.

CVE-2022-24345 jetbrains vulnerability CVSS: 4.6 25 Feb 2022, 15:15 UTC

In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible.

CVE-2022-24344 jetbrains vulnerability CVSS: 3.5 25 Feb 2022, 15:15 UTC

JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.

CVE-2022-24343 jetbrains vulnerability CVSS: 4.0 25 Feb 2022, 15:15 UTC

In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.

CVE-2022-24342 jetbrains vulnerability CVSS: 6.8 25 Feb 2022, 15:15 UTC

In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.

CVE-2022-24341 jetbrains vulnerability CVSS: 5.0 25 Feb 2022, 15:15 UTC

In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.

CVE-2022-24340 jetbrains vulnerability CVSS: 7.5 25 Feb 2022, 15:15 UTC

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.

CVE-2022-24339 jetbrains vulnerability CVSS: 3.5 25 Feb 2022, 15:15 UTC

JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.

CVE-2022-24338 jetbrains vulnerability CVSS: 4.3 25 Feb 2022, 15:15 UTC

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.

CVE-2022-24337 jetbrains vulnerability CVSS: 4.0 25 Feb 2022, 15:15 UTC

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.

CVE-2022-24336 jetbrains vulnerability CVSS: 5.0 25 Feb 2022, 15:15 UTC

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.

CVE-2022-24335 jetbrains vulnerability CVSS: 6.8 25 Feb 2022, 15:15 UTC

JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.

CVE-2022-24334 jetbrains vulnerability CVSS: 5.0 25 Feb 2022, 15:15 UTC

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.

CVE-2022-24333 jetbrains vulnerability CVSS: 4.0 25 Feb 2022, 15:15 UTC

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.

CVE-2022-24332 jetbrains vulnerability CVSS: 5.0 25 Feb 2022, 15:15 UTC

In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.

CVE-2022-24331 jetbrains vulnerability CVSS: 7.5 25 Feb 2022, 15:15 UTC

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

CVE-2022-24330 jetbrains vulnerability CVSS: 5.8 25 Feb 2022, 15:15 UTC

In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.

CVE-2022-24329 jetbrains vulnerability CVSS: 5.0 25 Feb 2022, 15:15 UTC

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

CVE-2022-24328 jetbrains vulnerability CVSS: 4.0 25 Feb 2022, 15:15 UTC

In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.

CVE-2022-24327 jetbrains vulnerability CVSS: 5.0 25 Feb 2022, 15:15 UTC

In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.

CVE-2021-45977 jetbrains vulnerability CVSS: 7.5 25 Feb 2022, 15:15 UTC

JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.

CVE-2021-43202 jetbrains vulnerability CVSS: 7.5 30 Nov 2021, 16:15 UTC

In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.

CVE-2021-43182 jetbrains vulnerability CVSS: 5.0 09 Nov 2021, 16:15 UTC

In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.

CVE-2021-43181 jetbrains vulnerability CVSS: 4.3 09 Nov 2021, 16:15 UTC

In JetBrains Hub before 2021.1.13690, stored XSS is possible.

CVE-2021-43180 jetbrains vulnerability CVSS: 5.0 09 Nov 2021, 16:15 UTC

In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.

CVE-2021-43203 jetbrains vulnerability CVSS: 5.0 09 Nov 2021, 15:15 UTC

In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.

CVE-2021-43201 jetbrains vulnerability CVSS: 5.0 09 Nov 2021, 15:15 UTC

In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.

CVE-2021-43200 jetbrains vulnerability CVSS: 7.5 09 Nov 2021, 15:15 UTC

In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.

CVE-2021-43199 jetbrains vulnerability CVSS: 5.0 09 Nov 2021, 15:15 UTC

In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.

CVE-2021-43198 jetbrains vulnerability CVSS: 3.5 09 Nov 2021, 15:15 UTC

In JetBrains TeamCity before 2021.1.2, stored XSS is possible.

CVE-2021-43197 jetbrains vulnerability CVSS: 4.3 09 Nov 2021, 15:15 UTC

In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.

CVE-2021-43196 jetbrains vulnerability CVSS: 5.0 09 Nov 2021, 15:15 UTC

In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.

CVE-2021-43195 jetbrains vulnerability CVSS: 5.0 09 Nov 2021, 15:15 UTC

In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.

CVE-2021-43194 jetbrains vulnerability CVSS: 5.0 09 Nov 2021, 15:15 UTC

In JetBrains TeamCity before 2021.1.2, user enumeration was possible.

CVE-2021-43193 jetbrains vulnerability CVSS: 7.5 09 Nov 2021, 15:15 UTC

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.

CVE-2021-43186 jetbrains vulnerability CVSS: 3.5 09 Nov 2021, 15:15 UTC

JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.

CVE-2021-43185 jetbrains vulnerability CVSS: 7.5 09 Nov 2021, 15:15 UTC

JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.

CVE-2021-43184 jetbrains vulnerability CVSS: 3.5 09 Nov 2021, 15:15 UTC

In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.

CVE-2021-43183 jetbrains vulnerability CVSS: 7.5 09 Nov 2021, 15:15 UTC

In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.

CVE-2021-37554 jetbrains vulnerability CVSS: 4.0 06 Aug 2021, 14:15 UTC

In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.

CVE-2021-37553 jetbrains vulnerability CVSS: 5.0 06 Aug 2021, 14:15 UTC

In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.

CVE-2021-37552 jetbrains vulnerability CVSS: 3.5 06 Aug 2021, 14:15 UTC

In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.

CVE-2021-37551 jetbrains vulnerability CVSS: 5.0 06 Aug 2021, 14:15 UTC

In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.

CVE-2021-37550 jetbrains vulnerability CVSS: 5.0 06 Aug 2021, 14:15 UTC

In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.

CVE-2021-37549 jetbrains vulnerability CVSS: 6.4 06 Aug 2021, 14:15 UTC

In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.

CVE-2021-37548 jetbrains vulnerability CVSS: 5.0 06 Aug 2021, 14:15 UTC

In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.

CVE-2021-37547 jetbrains vulnerability CVSS: 5.0 06 Aug 2021, 14:15 UTC

In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.

CVE-2021-37546 jetbrains vulnerability CVSS: 5.0 06 Aug 2021, 14:15 UTC

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.

CVE-2021-37545 jetbrains vulnerability CVSS: 5.0 06 Aug 2021, 14:15 UTC

In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.

CVE-2021-37544 jetbrains vulnerability CVSS: 7.5 06 Aug 2021, 14:15 UTC

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.

CVE-2021-37542 jetbrains vulnerability CVSS: 4.3 06 Aug 2021, 14:15 UTC

In JetBrains TeamCity before 2020.2.3, XSS was possible.

CVE-2021-37541 jetbrains vulnerability CVSS: 4.3 06 Aug 2021, 14:15 UTC

In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.

CVE-2021-37540 jetbrains vulnerability CVSS: 6.4 06 Aug 2021, 14:15 UTC

In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.

CVE-2021-36209 jetbrains vulnerability CVSS: 7.5 06 Aug 2021, 14:15 UTC

In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.

CVE-2021-31915 jetbrains vulnerability CVSS: 7.5 11 May 2021, 13:15 UTC

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.

CVE-2021-31914 jetbrains vulnerability CVSS: 7.5 11 May 2021, 13:15 UTC

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.

CVE-2021-31913 jetbrains vulnerability CVSS: 5.0 11 May 2021, 13:15 UTC

In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.

CVE-2021-31912 jetbrains vulnerability CVSS: 6.8 11 May 2021, 13:15 UTC

In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.

CVE-2021-31911 jetbrains vulnerability CVSS: 4.3 11 May 2021, 13:15 UTC

In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.

CVE-2021-31910 jetbrains vulnerability CVSS: 5.0 11 May 2021, 13:15 UTC

In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.

CVE-2021-30482 jetbrains vulnerability CVSS: 5.0 11 May 2021, 13:15 UTC

In JetBrains Upsource before 2020.1.1883, application passwords were not revoked correctly.

CVE-2021-3315 jetbrains vulnerability CVSS: 3.5 11 May 2021, 12:15 UTC

In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.

CVE-2021-31909 jetbrains vulnerability CVSS: 7.5 11 May 2021, 12:15 UTC

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.

CVE-2021-31908 jetbrains vulnerability CVSS: 3.5 11 May 2021, 12:15 UTC

In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.

CVE-2021-31907 jetbrains vulnerability CVSS: 5.0 11 May 2021, 12:15 UTC

In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.

CVE-2021-31906 jetbrains vulnerability CVSS: 4.0 11 May 2021, 12:15 UTC

In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.

CVE-2021-31905 jetbrains vulnerability CVSS: 5.0 11 May 2021, 12:15 UTC

In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.

CVE-2021-31904 jetbrains vulnerability CVSS: 4.3 11 May 2021, 12:15 UTC

In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.

CVE-2021-31903 jetbrains vulnerability CVSS: 4.3 11 May 2021, 12:15 UTC

In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS.

CVE-2021-31902 jetbrains vulnerability CVSS: 5.0 11 May 2021, 12:15 UTC

In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.

CVE-2021-31901 jetbrains vulnerability CVSS: 5.0 11 May 2021, 12:15 UTC

In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group.

CVE-2021-30504 jetbrains vulnerability CVSS: 5.0 11 May 2021, 12:15 UTC

In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation.

CVE-2021-30006 jetbrains vulnerability CVSS: 5.0 11 May 2021, 12:15 UTC

In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure.

CVE-2021-30005 jetbrains vulnerability CVSS: 4.6 11 May 2021, 12:15 UTC

In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS.

CVE-2021-29263 jetbrains vulnerability CVSS: 4.6 11 May 2021, 12:15 UTC

In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient checks when getting the project from VCS.

CVE-2021-27733 jetbrains vulnerability CVSS: 3.5 11 May 2021, 12:15 UTC

In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.

CVE-2021-26310 jetbrains vulnerability CVSS: 5.0 11 May 2021, 12:15 UTC

In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible.

CVE-2021-26309 jetbrains vulnerability CVSS: 2.1 11 May 2021, 12:15 UTC

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had insecure permissions.

CVE-2021-25778 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.

CVE-2021-25777 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.

CVE-2021-25776 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.

CVE-2021-25775 jetbrains vulnerability CVSS: 5.5 03 Feb 2021, 16:15 UTC

In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.

CVE-2021-25774 jetbrains vulnerability CVSS: 4.0 03 Feb 2021, 16:15 UTC

In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.

CVE-2021-25773 jetbrains vulnerability CVSS: 4.3 03 Feb 2021, 16:15 UTC

JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.

CVE-2021-25772 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.

CVE-2021-25771 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.

CVE-2021-25770 jetbrains vulnerability CVSS: 7.5 03 Feb 2021, 16:15 UTC

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.

CVE-2021-25769 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.

CVE-2021-25768 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.

CVE-2021-25767 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.

CVE-2021-25766 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.

CVE-2021-25765 jetbrains vulnerability CVSS: 6.8 03 Feb 2021, 16:15 UTC

In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.

CVE-2021-25763 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.

CVE-2021-25762 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.

CVE-2021-25761 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.

CVE-2021-25760 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.

CVE-2021-25759 jetbrains vulnerability CVSS: 4.0 03 Feb 2021, 16:15 UTC

In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.

CVE-2021-25758 jetbrains vulnerability CVSS: 4.6 03 Feb 2021, 16:15 UTC

In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution.

CVE-2021-25757 jetbrains vulnerability CVSS: 5.8 03 Feb 2021, 16:15 UTC

In JetBrains Hub before 2020.1.12629, an open redirect was possible.

CVE-2021-25756 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS.

CVE-2020-35667 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

The JetBrains TeamCity Plugin before 2020.2.85695 was vulnerable to SSRF that could potentially expose user credentials.

CVE-2020-29582 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.

CVE-2020-25208 jetbrains vulnerability CVSS: 5.0 03 Feb 2021, 16:15 UTC

In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.

CVE-2020-27627 jetbrains vulnerability CVSS: 5.8 16 Nov 2020, 16:15 UTC

JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.

CVE-2020-27623 jetbrains vulnerability CVSS: 5.0 16 Nov 2020, 16:15 UTC

JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances.

CVE-2020-27622 jetbrains vulnerability CVSS: 5.0 16 Nov 2020, 16:15 UTC

In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.

CVE-2020-26129 jetbrains vulnerability CVSS: 6.4 16 Nov 2020, 16:15 UTC

In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.

CVE-2020-27629 jetbrains vulnerability CVSS: 5.0 16 Nov 2020, 15:15 UTC

In JetBrains TeamCity before 2020.1.5, secure dependency parameters could remain unmasked in depending builds when there are no internal artifacts.

CVE-2020-27628 jetbrains vulnerability CVSS: 4.0 16 Nov 2020, 15:15 UTC

In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.

CVE-2020-27626 jetbrains vulnerability CVSS: 5.0 16 Nov 2020, 15:15 UTC

JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.

CVE-2020-27625 jetbrains vulnerability CVSS: 5.0 16 Nov 2020, 15:15 UTC

In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.

CVE-2020-27624 jetbrains vulnerability CVSS: 5.0 16 Nov 2020, 15:15 UTC

JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.

CVE-2020-25210 jetbrains vulnerability CVSS: 5.0 16 Nov 2020, 15:15 UTC

In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.

CVE-2020-25209 jetbrains vulnerability CVSS: 5.0 16 Nov 2020, 15:15 UTC

In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.

CVE-2020-25207 jetbrains vulnerability CVSS: 10.0 16 Nov 2020, 15:15 UTC

JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.

CVE-2020-25013 jetbrains vulnerability CVSS: 5.0 16 Nov 2020, 15:15 UTC

JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.

CVE-2020-24366 jetbrains vulnerability CVSS: 2.1 16 Nov 2020, 15:15 UTC

Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.

CVE-2020-15822 jetbrains vulnerability CVSS: 7.5 19 Oct 2020, 19:15 UTC

In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.

CVE-2020-24618 jetbrains vulnerability CVSS: 4.0 27 Aug 2020, 20:15 UTC

In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.

CVE-2020-15831 jetbrains vulnerability CVSS: 4.3 08 Aug 2020, 21:15 UTC

JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.

CVE-2020-15830 jetbrains vulnerability CVSS: 4.3 08 Aug 2020, 21:15 UTC

JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.

CVE-2020-15829 jetbrains vulnerability CVSS: 5.0 08 Aug 2020, 21:15 UTC

In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.

CVE-2020-15828 jetbrains vulnerability CVSS: 4.0 08 Aug 2020, 21:15 UTC

In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.

CVE-2020-15827 jetbrains vulnerability CVSS: 5.0 08 Aug 2020, 21:15 UTC

In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.

CVE-2020-15826 jetbrains vulnerability CVSS: 4.0 08 Aug 2020, 21:15 UTC

In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.

CVE-2020-15825 jetbrains vulnerability CVSS: 6.5 08 Aug 2020, 21:15 UTC

In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.

CVE-2020-15824 jetbrains vulnerability CVSS: 6.5 08 Aug 2020, 21:15 UTC

In JetBrains Kotlin from 1.4-M1 to 1.4-RC (Kotlin 1.3.7x is not affected by the issue; the fixed version is 1.4.0), there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.

CVE-2020-15823 jetbrains vulnerability CVSS: 5.0 08 Aug 2020, 21:15 UTC

JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.

CVE-2020-15821 jetbrains vulnerability CVSS: 4.0 08 Aug 2020, 21:15 UTC

In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.

CVE-2020-15820 jetbrains vulnerability CVSS: 5.0 08 Aug 2020, 21:15 UTC

In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.

CVE-2020-15819 jetbrains vulnerability CVSS: 5.0 08 Aug 2020, 21:15 UTC

JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.

CVE-2020-15818 jetbrains vulnerability CVSS: 5.0 08 Aug 2020, 21:15 UTC

In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.

CVE-2020-15817 jetbrains vulnerability CVSS: 6.5 08 Aug 2020, 21:15 UTC

In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.

CVE-2019-19704 jetbrains vulnerability CVSS: 5.0 08 Aug 2020, 21:15 UTC

In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm.

CVE-2020-11938 jetbrains vulnerability CVSS: 4.0 22 Apr 2020, 14:15 UTC

In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.

CVE-2020-11796 jetbrains vulnerability CVSS: 7.5 22 Apr 2020, 14:15 UTC

In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.

CVE-2020-11795 jetbrains vulnerability CVSS: 5.0 22 Apr 2020, 14:15 UTC

In JetBrains Space through 2020-04-22, the session timeout period was configured improperly.

CVE-2020-11693 jetbrains vulnerability CVSS: 5.0 22 Apr 2020, 14:15 UTC

JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.

CVE-2020-11692 jetbrains vulnerability CVSS: 4.0 22 Apr 2020, 14:15 UTC

In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.

CVE-2020-11691 jetbrains vulnerability CVSS: 5.0 22 Apr 2020, 14:15 UTC

In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.

CVE-2020-11690 jetbrains vulnerability CVSS: 7.5 22 Apr 2020, 14:15 UTC

In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.

CVE-2020-11689 jetbrains vulnerability CVSS: 4.0 22 Apr 2020, 14:15 UTC

In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.

CVE-2020-11688 jetbrains vulnerability CVSS: 5.0 22 Apr 2020, 14:15 UTC

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.

CVE-2020-11687 jetbrains vulnerability CVSS: 5.0 22 Apr 2020, 14:15 UTC

In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.

CVE-2020-11686 jetbrains vulnerability CVSS: 4.0 22 Apr 2020, 14:15 UTC

In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.

CVE-2020-11685 jetbrains vulnerability CVSS: 5.0 22 Apr 2020, 14:15 UTC

In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS.

CVE-2020-11416 jetbrains vulnerability CVSS: 3.5 22 Apr 2020, 14:15 UTC

JetBrains Space through 2020-04-22 allows stored XSS in Chats.

CVE-2020-11694 jetbrains vulnerability CVSS: 5.0 10 Apr 2020, 21:15 UTC

In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3.

CVE-2020-7914 jetbrains vulnerability CVSS: 5.0 31 Jan 2020, 13:15 UTC

In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.

CVE-2020-7913 jetbrains vulnerability CVSS: 4.3 30 Jan 2020, 18:15 UTC

JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.

CVE-2020-7912 jetbrains vulnerability CVSS: 5.0 30 Jan 2020, 18:15 UTC

In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.

CVE-2020-7911 jetbrains vulnerability CVSS: 4.3 30 Jan 2020, 18:15 UTC

In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.

CVE-2020-7910 jetbrains vulnerability CVSS: 3.5 30 Jan 2020, 18:15 UTC

JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.

CVE-2020-7909 jetbrains vulnerability CVSS: 5.0 30 Jan 2020, 18:15 UTC

In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.

CVE-2020-7908 jetbrains vulnerability CVSS: 4.3 30 Jan 2020, 18:15 UTC

In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.

CVE-2020-7906 jetbrains vulnerability CVSS: 5.0 30 Jan 2020, 18:15 UTC

In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3.

CVE-2020-7905 jetbrains vulnerability CVSS: 5.0 30 Jan 2020, 18:15 UTC

Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network.

CVE-2020-7904 jetbrains vulnerability CVSS: 5.8 30 Jan 2020, 18:15 UTC

In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS.

CVE-2020-5207 jetbrains vulnerability CVSS: 5.0 27 Jan 2020, 20:15 UTC

In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.

CVE-2019-19389 jetbrains vulnerability CVSS: 3.5 26 Dec 2019, 21:15 UTC

JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.

CVE-2019-19703 jetbrains vulnerability CVSS: 5.8 10 Dec 2019, 20:15 UTC

In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.

CVE-2019-18369 jetbrains vulnerability CVSS: 5.0 31 Oct 2019, 16:15 UTC

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.

CVE-2019-18368 jetbrains vulnerability CVSS: 7.5 31 Oct 2019, 16:15 UTC

In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.

CVE-2019-18367 jetbrains vulnerability CVSS: 5.0 31 Oct 2019, 16:15 UTC

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.

CVE-2019-18366 jetbrains vulnerability CVSS: 5.0 31 Oct 2019, 16:15 UTC

In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.

CVE-2019-18365 jetbrains vulnerability CVSS: 4.3 31 Oct 2019, 16:15 UTC

In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.

CVE-2019-18364 jetbrains vulnerability CVSS: 7.5 31 Oct 2019, 15:15 UTC

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.

CVE-2019-18363 jetbrains vulnerability CVSS: 5.0 31 Oct 2019, 15:15 UTC

In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.

CVE-2019-18362 jetbrains vulnerability CVSS: 5.0 31 Oct 2019, 15:15 UTC

JetBrains MPS before 2019.2.2 exposed listening ports to the network.

CVE-2019-18361 jetbrains vulnerability CVSS: 4.6 31 Oct 2019, 15:15 UTC

JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution.

CVE-2019-18360 jetbrains vulnerability CVSS: 5.0 31 Oct 2019, 15:15 UTC

In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.

CVE-2019-16407 jetbrains vulnerability CVSS: 4.4 02 Oct 2019, 19:15 UTC

JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.

CVE-2019-16171 jetbrains vulnerability CVSS: 4.3 02 Oct 2019, 19:15 UTC

In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.

CVE-2019-15040 jetbrains vulnerability CVSS: 6.8 02 Oct 2019, 19:15 UTC

JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.

CVE-2019-15037 jetbrains vulnerability CVSS: 4.3 02 Oct 2019, 19:15 UTC

An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.

CVE-2019-15036 jetbrains vulnerability CVSS: 9.0 02 Oct 2019, 19:15 UTC

An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.

CVE-2019-14959 jetbrains vulnerability CVSS: 4.3 02 Oct 2019, 19:15 UTC

JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext HTTP connection.

CVE-2019-14958 jetbrains vulnerability CVSS: 5.0 02 Oct 2019, 19:15 UTC

JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation.

CVE-2019-14956 jetbrains vulnerability CVSS: 4.0 02 Oct 2019, 19:15 UTC

JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.

CVE-2019-12737 jetbrains vulnerability CVSS: 5.0 02 Oct 2019, 19:15 UTC

UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.

CVE-2019-12736 jetbrains vulnerability CVSS: 7.5 02 Oct 2019, 19:15 UTC

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.

CVE-2019-12157 jetbrains vulnerability CVSS: 10.0 02 Oct 2019, 19:15 UTC

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.

CVE-2019-12156 jetbrains vulnerability CVSS: 5.0 02 Oct 2019, 19:15 UTC

Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293.

CVE-2019-15041 jetbrains vulnerability CVSS: 5.8 01 Oct 2019, 20:15 UTC

JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.

CVE-2019-15035 jetbrains vulnerability CVSS: 4.0 01 Oct 2019, 20:15 UTC

An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1.

CVE-2019-15042 jetbrains vulnerability CVSS: 5.0 01 Oct 2019, 17:15 UTC

An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external HTTPS connections. This was fixed in TeamCity 2019.1.

CVE-2019-14961 jetbrains vulnerability CVSS: 4.3 01 Oct 2019, 17:15 UTC

JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in code block comments, leading to XSS.

CVE-2019-15038 jetbrains vulnerability CVSS: 5.0 01 Oct 2019, 16:15 UTC

An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.

CVE-2019-14960 jetbrains vulnerability CVSS: 4.6 01 Oct 2019, 16:15 UTC

JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file.

CVE-2019-14957 jetbrains vulnerability CVSS: 5.0 01 Oct 2019, 16:15 UTC

The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This XML file could be synchronized to a publicly accessible GitHub repository.

CVE-2019-14955 jetbrains vulnerability CVSS: 5.0 01 Oct 2019, 16:15 UTC

In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.

CVE-2019-14953 jetbrains vulnerability CVSS: 4.3 01 Oct 2019, 16:15 UTC

JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser.

CVE-2019-15039 jetbrains vulnerability CVSS: 6.8 01 Oct 2019, 14:15 UTC

An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.

CVE-2019-14954 jetbrains vulnerability CVSS: 4.3 01 Oct 2019, 14:15 UTC

JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext HTTP connection.

CVE-2019-14952 jetbrains vulnerability CVSS: 4.3 01 Oct 2019, 14:15 UTC

JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles.

CVE-2019-15848 jetbrains vulnerability CVSS: 4.3 05 Sep 2019, 20:15 UTC

JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.

CVE-2019-12852 jetbrains vulnerability CVSS: 7.5 03 Jul 2019, 20:15 UTC

An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.

CVE-2019-12846 jetbrains vulnerability CVSS: 4.0 03 Jul 2019, 20:15 UTC

A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.

CVE-2019-12845 jetbrains vulnerability CVSS: 5.0 03 Jul 2019, 20:15 UTC

The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.

CVE-2019-12844 jetbrains vulnerability CVSS: 4.3 03 Jul 2019, 20:15 UTC

A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3.

CVE-2019-12843 jetbrains vulnerability CVSS: 4.3 03 Jul 2019, 20:15 UTC

A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3.

CVE-2019-12842 jetbrains vulnerability CVSS: 4.3 03 Jul 2019, 20:15 UTC

A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2.

CVE-2019-12841 jetbrains vulnerability CVSS: 5.0 03 Jul 2019, 20:15 UTC

Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.

CVE-2019-10103 jetbrains vulnerability CVSS: 6.8 03 Jul 2019, 20:15 UTC

JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an HTTP connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.

CVE-2019-10102 jetbrains vulnerability CVSS: 6.8 03 Jul 2019, 20:15 UTC

JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an HTTP connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.

CVE-2019-10101 jetbrains vulnerability CVSS: 6.8 03 Jul 2019, 20:15 UTC

JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an HTTP connection during the build process, potentially allowing an MITM attack.

CVE-2019-9873 jetbrains vulnerability CVSS: 5.0 03 Jul 2019, 19:15 UTC

In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.

CVE-2019-9872 jetbrains vulnerability CVSS: 4.3 03 Jul 2019, 19:15 UTC

In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.

CVE-2019-9823 jetbrains vulnerability CVSS: 5.0 03 Jul 2019, 19:15 UTC

In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8.

CVE-2019-9186 jetbrains vulnerability CVSS: 7.5 03 Jul 2019, 19:15 UTC

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.

CVE-2019-12867 jetbrains vulnerability CVSS: 7.5 03 Jul 2019, 19:15 UTC

Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168.

CVE-2019-12866 jetbrains vulnerability CVSS: 7.5 03 Jul 2019, 19:15 UTC

An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.

CVE-2019-12851 jetbrains vulnerability CVSS: 6.8 03 Jul 2019, 19:15 UTC

A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852.

CVE-2019-12850 jetbrains vulnerability CVSS: 7.5 03 Jul 2019, 19:15 UTC

A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.

CVE-2019-12847 jetbrains vulnerability CVSS: 4.0 03 Jul 2019, 19:15 UTC

In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period.

CVE-2019-10104 jetbrains vulnerability CVSS: 7.5 03 Jul 2019, 19:15 UTC

In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.

CVE-2019-10100 jetbrains vulnerability CVSS: 7.5 03 Jul 2019, 19:15 UTC

In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely.

CVE-2018-14878 jetbrains vulnerability CVSS: 6.8 13 Aug 2018, 17:29 UTC

JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.

CVE-2017-8316 jetbrains vulnerability CVSS: 7.8 03 Aug 2018, 15:29 UTC

The IntelliJ IDEA XML parser was found vulnerable to an XML External Entity attack; an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.

CVE-2014-10036 jetbrains vulnerability CVSS: 4.3 13 Jan 2015, 15:59 UTC

Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.

CVE-2014-10002 jetbrains vulnerability CVSS: 5.0 13 Jan 2015, 11:59 UTC

Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.