Jetbrains: Security Vulnerabilities
In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible
CVSS Score
7.8
EPSS Score
0.001
Published
2025-01-28
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool
CVSS Score
4.3
EPSS Score
0.003
Published
2025-01-21
In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint
CVSS Score
6.5
EPSS Score
0.003
Published
2025-01-21
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping
CVSS Score
6.7
EPSS Score
0.003
Published
2025-01-21
In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs
CVSS Score
5.5
EPSS Score
0.006
Published
2025-01-21
In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration
CVSS Score
7.1
EPSS Score
0.002
Published
2025-01-21
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
CVSS Score
4.6
EPSS Score
0.026
Published
2025-01-21
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies
CVSS Score
5.5
EPSS Score
0.003
Published
2024-12-20
In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission
CVSS Score
5.5
EPSS Score
0.003
Published
2024-12-20
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
CVSS Score
4.6
EPSS Score
0.008
Published
2024-12-20