Vulnerabilities in JetBrains

332 results
Vexday analysis

With 325 CVEs catalogued and 3 confirmed as actively exploited in the CISA KEV, the exploitation rate of JetBrains products is 2 times above the overall catalogue average, which indicates elevated operational risk even though the absolute volume is relatively contained. The most critical CVE under active exploitation, CVE-2024-27199, has an EPSS of 0.9999, a practically maximal value that signals a very high probability of exploitation in real environments and demands immediate attention from response teams. The most recurrent flaw type is CWE-79 (Cross-Site Scripting), a pattern which, although often underestimated, can facilitate session compromise and lateral movement in development environments. The 29 CVEs that appeared in the last 90 days and the presence of 4 with a public PoC reinforce the need for agile patching cycles for products in this family.

CVE-2026-28196 (LOW): In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk. EPSS 0.1%
CVE-2022-46825 (MEDIUM): In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. EPSS 0.1%
CVE-2025-57729 (MEDIUM): In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start. EPSS 0.1%
CVE-2025-54529 (LOW): In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration. EPSS 0.1%
CVE-2024-52555 (MEDIUM): In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script. EPSS 0.1%
CVE-2025-57732 (HIGH): In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership. EPSS 0.1%
CVE-2026-49383 (LOW): In JetBrains IntelliJ IDEA before 2026.1 XXE in the UI Designer form parser was possible. EPSS 0.1%
CVE-2022-48431 (MEDIUM): In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the "Trust Project" confirmation. EPSS 0.1%
CVE-2026-32745 (MEDIUM): In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings. EPSS 0.1%
CVE-2025-68269 (MEDIUM): In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH. EPSS 0.1%
CVE-2025-64457 (MEDIUM): In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition. EPSS 0.1%
CVE-2025-64456 (HIGH): In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation. EPSS 0.1%