Vulnerabilidades en JetBrains
325 resultadosCVE-2024-35301MEDIUMIn JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App tokenEPSS 0.3%CVE-2025-53959HIGHIn JetBrains YouTrack before 2025.2.86069,
2024.3.85077,
2025.1.86199 email spoofing via an administrative API was possibleEPSS 0.3%CVE-2025-24460MEDIUMIn JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent poolEPSS 0.3%CVE-2025-57733MEDIUMIn JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email contentEPSS 0.3%CVE-2025-58334HIGHIn JetBrains IDE Services before 2025.5.0.1086,
2025.4.2.2164 users without appropriate permissions could assign high-privileged role for tEPSS 0.3%CVE-2022-29816LOWIn JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possibleEPSS 0.3%CVE-2025-57731HIGHIn JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram contentEPSS 0.3%CVE-2026-44413HIGHIn JetBrains TeamCity before 2026.1
2025.11.5 authenticated users could expose server API to unauthorised accessEPSS 0.3%CVE-2026-41153MEDIUMIn JetBrains Junie before 252.549.29 command execution was possible via malicious project fileEPSS 0.3%CVE-2024-36371MEDIUMIn JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possibleEPSS 0.3%CVE-2022-47896MEDIUMIn JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.EPSS 0.3%CVE-2026-53915HIGHIn JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configurationEPSS 0.3%CVE-2023-39261MEDIUMIn JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissionsEPSS 0.3%CVE-2026-49371HIGHIn JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possibleEPSS 0.3%CVE-2026-49379MEDIUMIn JetBrains TeamCity before 2026.1 credentials could be exposed in thread namesEPSS 0.2%CVE-2024-43808LOWIn JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault pluginEPSS 0.2%CVE-2026-49386MEDIUMIn JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning CanvasEPSS 0.2%CVE-2022-40978HIGHThe installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijackingEPSS 0.2%CVE-2022-37009LOWIn JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possibleEPSS 0.2%CVE-2025-54538MEDIUMIn JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" commandEPSS 0.2%