Jetbrains: Security Vulnerabilities
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
CVSS Score
2.7
EPSS Score
0.002
Published
2025-12-16
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
CVSS Score
3.5
EPSS Score
0.002
Published
2025-12-16
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
CVSS Score
3.1
EPSS Score
0.001
Published
2025-12-11
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
CVSS Score
2.7
EPSS Score
0.002
Published
2025-12-11
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
CVSS Score
4.6
EPSS Score
0.004
Published
2025-12-11
In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
CVSS Score
3.8
EPSS Score
0.007
Published
2025-12-11
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
CVSS Score
2.7
EPSS Score
0.002
Published
2025-11-11
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
CVSS Score
8.1
EPSS Score
0.002
Published
2025-11-10
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation
CVSS Score
8.4
EPSS Score
0.001
Published
2025-11-10
In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition
CVSS Score
4.2
EPSS Score
0.001
Published
2025-11-10