Vulnerabilities in JetBrains

325 results
CVE | Severity | Description | EPSS
CVE-2022-48433 | MEDIUM | In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. | 0.6%
CVE-2022-28650 | HIGH | In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI | 0.6%
CVE-2023-35053 | HIGH | In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms | 0.6%
CVE-2022-38180 | MEDIUM | In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases | 0.6%
CVE-2024-50574 | MEDIUM | In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality | 0.6%
CVE-2022-48429 | MEDIUM | In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible | 0.6%
CVE-2023-45612 | HIGH | In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE | 0.6%
CVE-2023-34218 | CRITICAL | In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible | 0.6%
CVE-2025-24457 | MEDIUM | In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs | 0.6%
CVE-2022-29035 | LOW | In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations | 0.6%
CVE-2022-36322 | MEDIUM | In JetBrains TeamCity before 2022.04.2 build parameter injection was possible | 0.6%
CVE-2024-54157 | MEDIUM | In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector | 0.6%
CVE-2025-47853 | MEDIUM | In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible | 0.6%
CVE-2025-47852 | MEDIUM | In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible | 0.6%
CVE-2024-31136 | HIGH | In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter | 0.5%
CVE-2022-44624 | MEDIUM | In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters | 0.5%
CVE-2022-44623 | MEDIUM | In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings | 0.5%
CVE-2024-28173 | MEDIUM | In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed | 0.5%
CVE-2024-47948 | MEDIUM | In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups | 0.5%
CVE-2023-34227 | MEDIUM | In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks | 0.5%