Jetbrains: Security Vulnerabilities
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
CVSS Score
2.7
EPSS Score
0.002
Published
2025-11-10
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
CVSS Score
2.7
EPSS Score
0.001
Published
2025-11-10
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
CVSS Score
5.3
EPSS Score
0.002
Published
2025-11-10
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
CVSS Score
4.3
EPSS Score
0.003
Published
2025-11-10
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
CVSS Score
7.7
EPSS Score
0.008
Published
2025-09-17
In JetBrains Junie before 252.284.66,
251.284.66,
243.284.66,
252.284.61,
251.284.61,
243.284.61,
252.284.50,
252.284.54,
251.284.54,
251.284.50,
243.284.54,
243.284.50 code execution was possible due to improper command validation
CVSS Score
8.3
EPSS Score
0.004
Published
2025-09-17
In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition
CVSS Score
4.2
EPSS Score
0.004
Published
2025-09-17
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
CVSS Score
5.5
EPSS Score
0.121
Published
2025-09-17
In JetBrains Junie before 252.284.66,
251.284.66,
243.284.66,
252.284.61,
251.284.61,
243.284.61,
252.284.50,
252.284.54,
251.284.54,
251.284.50,
243.284.54,
243.284.50 information disclosure was possible via search_project function
CVSS Score
5.5
EPSS Score
0.002
Published
2025-08-28
In JetBrains IDE Services before 2025.5.0.1086,
2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves
CVSS Score
8.1
EPSS Score
0.003
Published
2025-08-28