Vulnerabilities in JetBrains

332 results
Vexday analysis

With 325 catalogued CVEs and 3 confirmed in active exploitation by the CISA KEV, the exploitation rate for JetBrains products is 2 times above the overall catalogue average, which indicates elevated operational risk even though the absolute volume is relatively contained. The most critical CVE under active exploitation, CVE-2024-27199, has an EPSS of 0.9999, practically the maximum value, signalling a very high probability of exploitation in real environments and requiring immediate attention from response teams. The most recurrent weakness type is CWE-79 (Cross-Site Scripting), a pattern that, although often underestimated, can facilitate session compromise and lateral movement in development environments. The 29 CVEs that appeared in the last 90 days and the presence of 4 with a public PoC reinforce the need for agile patching cycles for products in this family.

CVE-2022-48431 (MEDIUM, EPSS 0.1%): In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the "Trust Project" confirmation
CVE-2026-32745 (MEDIUM, EPSS 0.1%): In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings
CVE-2025-68269 (MEDIUM, EPSS 0.1%): In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH
CVE-2025-64457 (MEDIUM, EPSS 0.1%): In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition
CVE-2025-64456 (HIGH, EPSS 0.1%): In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation
CVE-2026-57924 (MEDIUM, EPSS n/a): In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details
CVE-2026-57921 (MEDIUM, EPSS n/a): In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint
CVE-2026-57922 (LOW, EPSS n/a): In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible
CVE-2026-57923 (MEDIUM, EPSS n/a): In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings
CVE-2026-57925 (MEDIUM, EPSS n/a): In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
CVE-2026-53914 (MEDIUM, EPSS n/a): In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata
CVE-2026-57926 (LOW, EPSS n/a): In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack