Jetbrains Security Vulnerabilities (CVEs)

This vulnerability allows local privilege escalation via the ETW Host Service in JetBrains development tools. Attackers with initial access to a syste...

This vulnerability in JetBrains TeamCity allows unauthorized decryption of connection secrets via the Test Connection endpoint. Attackers with access ...

JetBrains YouTrack versions before 2024.3.55417 expose permanent authentication tokens in application logs. This vulnerability allows attackers with a...

This vulnerability in JetBrains YouTrack allows attackers to take over user accounts by spoofing email addresses and exploiting the Helpdesk integrati...

This vulnerability allows reflected cross-site scripting (XSS) attacks on the Vault Connection page in JetBrains TeamCity. Attackers can inject malici...

JetBrains TeamCity backup files exposed user credentials and session cookies in versions before 2024.12. This vulnerability allows attackers with acce...

JetBrains TeamCity versions before 2024.12 have a cross-site scripting (XSS) vulnerability in the RemoteBuildLogController due to missing Content-Type...

This vulnerability in JetBrains TeamCity allows unauthorized users to modify build logs due to improper access control. It affects organizations using...

This vulnerability in JetBrains TeamCity allows access tokens to remain valid after user roles are removed, potentially enabling unauthorized access. ...

This CVE describes a prototype pollution vulnerability in JetBrains YouTrack issue tracking software. Attackers can manipulate JavaScript object proto...

This vulnerability allows attackers to inject malicious scripts into JetBrains YouTrack web pages through specially crafted links. When users click th...

This vulnerability allows attackers to inject malicious scripts into YouTrack comments due to improper HTML sanitization. When exploited, it enables c...

This vulnerability in JetBrains Hub allows authenticated users to generate permanent authentication tokens for services they shouldn't have access to....

This vulnerability allows reflected cross-site scripting (XSS) attacks in JetBrains YouTrack's Widget API. Attackers can inject malicious scripts that...

This stored cross-site scripting (XSS) vulnerability in JetBrains YouTrack allows attackers to inject malicious Angular templates into Hub settings, w...

The CVE-2024-49580 vulnerability in JetBrains Ktor's HttpCache Plugin involves improper caching that could allow unauthorized disclosure of cached HTT...

This vulnerability in JetBrains TeamCity allows passwords to be exposed through the Sonar runner REST API. Attackers could potentially retrieve sensit...

This CVE describes a path traversal vulnerability in JetBrains TeamCity that allows attackers to write backup files to arbitrary locations on the serv...

This vulnerability in JetBrains YouTrack allows unauthorized users to access global application configuration data. It affects all YouTrack instances ...

This vulnerability allows attackers to inject malicious scripts into the Clouds page of JetBrains TeamCity, which are then executed when other users v...

This vulnerability allows attackers to inject malicious scripts into web pages viewed by TeamCity users through the AWS Core plugin. When exploited, i...

This vulnerability in JetBrains TeamCity allows attackers to escalate privileges due to incorrect directory permissions. It affects all TeamCity insta...

This vulnerability allows access tokens in JetBrains TeamCity to remain functional after they have been deleted or expired, creating an authentication...

This vulnerability in JetBrains TeamCity allows password-type parameters to leak into build logs under specific conditions. It affects organizations u...

This vulnerability in JetBrains TeamCity exposes application tokens in EC2 Cloud Profile settings, potentially allowing unauthorized access to cloud r...

This vulnerability allows users without proper permissions to enable the auto-attach option for workflows in JetBrains YouTrack. This could lead to un...

This vulnerability allows guest users in JetBrains YouTrack to attach files to articles, which should be restricted. It affects YouTrack instances wit...

This CVE describes an authorization bypass vulnerability in JetBrains TeamCity where users could perform actions beyond their assigned permissions. It...

JetBrains TeamCity servers before version 2024.03.2 are vulnerable to denial-of-service attacks when receiving malformed authentication tokens. This v...

This CVE describes an authentication bypass vulnerability in JetBrains TeamCity CI/CD servers. Attackers could potentially gain unauthorized access to...

This stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts into OAuth connection settings...

This vulnerability allows reflected cross-site scripting (XSS) attacks on the subscriptions page of JetBrains TeamCity. Attackers can inject malicious...

This stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts into build step settings. When...

This Cross-Site Scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts into web pages viewed by other users....

This vulnerability allows reflected cross-site scripting (XSS) attacks via OAuth provider configuration in JetBrains TeamCity. Attackers can inject ma...

This CVE describes a path traversal vulnerability in JetBrains TeamCity that allows attackers to read arbitrary files from the server filesystem. The ...

This vulnerability in JetBrains TeamCity allows improper access control in Pull Requests and Commit status publisher build features. Attackers could p...

This vulnerability in JetBrains YouTrack allows man-in-the-middle attacks due to improper certificate hostname validation in SMTPS protocol communicat...

This vulnerability in JetBrains TeamCity allows GitHub App tokens to be used beyond their intended project scope, potentially enabling unauthorized ac...

This vulnerability allows attackers to bypass two-factor authentication (2FA) in JetBrains TeamCity by using a special URL parameter. It affects all T...

This vulnerability in JetBrains Ktor's ContentNegotiation feature with XML format allows attackers to perform XML External Entity (XXE) attacks, poten...

This vulnerability allows attackers to obtain NTLM password hashes through the built-in web server API in JetBrains IntelliJ IDEA. It affects users ru...

This vulnerability in JetBrains IntelliJ IDEA allows Gradle and Maven projects to be imported without requiring the 'Trust Project' confirmation dialo...

This stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts into the SSH keys page. When a...

This stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts into Perforce connection setti...