Vulnerabilidades en JetBrains
325 resultadosCVE-2024-38505MEDIUMIn JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party siteEPSS 0.4%CVE-2022-44622LOWIn JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessiveEPSS 0.4%CVE-2026-50242CRITICALIn JetBrains Hub before 2026.1.13757,
2025.3.148033,
2025.2.148048,
2025.1.148120,
2024.3.148430,
2024.2.148429 authentication bypass via diEPSS 0.4%CVE-2022-29929LOWIn JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possibleEPSS 0.4%CVE-2022-46829HIGHIn JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.EPSS 0.4%CVE-2024-31134MEDIUMIn JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registratioEPSS 0.4%CVE-2026-33392HIGHIn JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypassEPSS 0.4%CVE-2024-31140MEDIUMIn JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing toolsEPSS 0.4%CVE-2026-25848CRITICALIn JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possibleEPSS 0.4%CVE-2026-56142CRITICALIn JetBrains Hub before 2026.1.13757,
2025.3.148033,
2025.2.148048,
2025.1.148120,
2024.3.148430,
2024.2.148429 privilege escalation by attaEPSS 0.4%CVE-2023-38067MEDIUMIn JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent logEPSS 0.4%CVE-2023-38064MEDIUMIn JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent logEPSS 0.4%CVE-2026-49373HIGHIn JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settingsEPSS 0.4%CVE-2024-24943MEDIUMIn JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG imageEPSS 0.4%CVE-2024-22370MEDIUMIn JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possibleEPSS 0.4%CVE-2024-41827HIGHIn JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expirationEPSS 0.4%CVE-2025-67741MEDIUMIn JetBrains TeamCity before 2025.11 stored XSS was possible via session attributeEPSS 0.4%CVE-2024-54155LOWIn JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authenticationEPSS 0.4%CVE-2026-41882HIGHIn JetBrains IntelliJ IDEA before 2024.3.7.1,
2025.1.7.1,
2025.2.6.2,
2025.3.4.1,
2026.1.1 reading arbitrary local files was possible viEPSS 0.4%CVE-2022-38179MEDIUMJetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attackEPSS 0.4%