Vulnerabilities in JetBrains

325 results
CVE-2024-28229 [MEDIUM]: In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles (EPSS 0.5%)
CVE-2024-28230 [MEDIUM]: In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions (EPSS 0.5%)
CVE-2022-45471 [LOW]: In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address (EPSS 0.5%)
CVE-2015-1313: JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request da (EPSS 0.5%)
CVE-2024-36362 [MEDIUM]: In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was pos (EPSS 0.5%)
CVE-2022-34894 [LOW]: In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services (EPSS 0.5%)
CVE-2024-31139 [MEDIUM]: In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector (EPSS 0.5%)
CVE-2024-31135 [MEDIUM]: In JetBrains TeamCity before 2024.03 open redirect was possible on the login page (EPSS 0.5%)
CVE-2024-28228 [MEDIUM]: In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible (EPSS 0.5%)
CVE-2022-48477 [MEDIUM]: In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing (EPSS 0.5%)
CVE-2022-46830 [MEDIUM]: In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. (EPSS 0.5%)
CVE-2023-38068 [MEDIUM]: In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms (EPSS 0.5%)
CVE-2024-36470 [HIGH]: In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases (EPSS 0.5%)
CVE-2026-49366 [HIGH]: In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion (EPSS 0.5%)
CVE-2022-29811 [MEDIUM]: In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. (EPSS 0.5%)
CVE-2025-59458 [HIGH]: In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.28 (EPSS 0.4%)
CVE-2022-29928 [MEDIUM]: In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible (EPSS 0.4%)
CVE-2022-46831 [MEDIUM]: In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project (EPSS 0.4%)
CVE-2023-50871 [MEDIUM]: In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed (EPSS 0.4%)
CVE-2025-46433 [MEDIUM]: In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible (EPSS 0.4%)