Vulnerabilities in JetBrains

325 results
CVE-2024-41824 | MEDIUM | In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases | EPSS 0.3%
CVE-2024-50579 | MEDIUM | In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible | EPSS 0.3%
CVE-2024-56354 | MEDIUM | In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission | EPSS 0.3%
CVE-2025-43016 | MEDIUM | In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session | EPSS 0.3%
CVE-2024-56351 | MEDIUM | In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles | EPSS 0.3%
CVE-2024-35300 | LOW | In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible | EPSS 0.3%
CVE-2022-40979 | MEDIUM | In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable | EPSS 0.3%
CVE-2024-50576 | MEDIUM | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest | EPSS 0.3%
CVE-2024-50580 | MEDIUM | In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule | EPSS 0.3%
CVE-2024-50581 | MEDIUM | In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag | EPSS 0.3%
CVE-2024-50578 | MEDIUM | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page | EPSS 0.3%
CVE-2024-50582 | MEDIUM | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements | EPSS 0.3%
CVE-2024-39879 | MEDIUM | In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings | EPSS 0.3%
CVE-2025-52878 | MEDIUM | In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions | EPSS 0.3%
CVE-2026-49372 | HIGH | In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible | EPSS 0.3%
CVE-2024-24939 | LOW | In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible | EPSS 0.3%
CVE-2024-41828 | LOW | In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time | EPSS 0.3%
CVE-2024-36366 | MEDIUM | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering o | EPSS 0.3%
CVE-2024-36365 | MEDIUM | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent | EPSS 0.3%
CVE-2025-64684 | MEDIUM | In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form | EPSS 0.3%