Vulnerabilities in JetBrains
325 results

CVE-2025-54537 (MEDIUM, EPSS 0.2%): In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
CVE-2024-38507 (LOW, EPSS 0.2%): In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
CVE-2026-28193 (HIGH, EPSS 0.2%): In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint
CVE-2025-54527 (MEDIUM, EPSS 0.2%): In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allow
CVE-2024-29880 (MEDIUM, EPSS 0.2%): In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process
CVE-2024-56356 (MEDIUM, EPSS 0.2%): In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
CVE-2025-57728 (MEDIUM, EPSS 0.2%): In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files
CVE-2026-49370 (LOW, EPSS 0.2%): In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
CVE-2026-49374 (HIGH, EPSS 0.2%): In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
CVE-2022-46826 (MEDIUM, EPSS 0.2%): In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnera
CVE-2022-29821 (MEDIUM, EPSS 0.2%): In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible
CVE-2022-29819 (MEDIUM, EPSS 0.2%): In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible
CVE-2022-29814 (MEDIUM, EPSS 0.2%): In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible
CVE-2025-24458 (HIGH, EPSS 0.2%): In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration
CVE-2026-49375 (MEDIUM, EPSS 0.2%): In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page
CVE-2024-50573 (MEDIUM, EPSS 0.2%): In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
CVE-2026-49385 (MEDIUM, EPSS 0.2%): In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
CVE-2026-49378 (MEDIUM, EPSS 0.2%): In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
CVE-2022-47895 (MEDIUM, EPSS 0.2%): In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.
CVE-2023-34339 (LOW, EPSS 0.2%): In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message