Vulnerabilidades en JetBrains
325 resultadosCVE-2022-38179MEDIUMJetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attackEPSS 0.4%CVE-2023-34228MEDIUMIn JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actionsEPSS 0.4%CVE-2025-57730MEDIUMIn JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development featureEPSS 0.4%CVE-2025-26492HIGHIn JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resourcesEPSS 0.4%CVE-2022-38133LOWIn JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some casesEPSS 0.4%CVE-2025-59455MEDIUMIn JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race conditionEPSS 0.4%CVE-2022-29820LOWIn JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possibleEPSS 0.4%CVE-2024-36378MEDIUMIn JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokensEPSS 0.4%CVE-2022-28649MEDIUMIn JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue descriptionEPSS 0.4%CVE-2024-46970LOWIn JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possibleEPSS 0.4%CVE-2024-31137MEDIUMIn JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configurationEPSS 0.4%CVE-2022-48344MEDIUMIn JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.EPSS 0.4%CVE-2025-32054LOWIn JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log fileEPSS 0.4%CVE-2024-47160MEDIUMIn JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possibleEPSS 0.4%CVE-2022-29817LOWIn JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possibleEPSS 0.4%CVE-2026-56141CRITICALIn JetBrains Hub before 2026.1.13757,
2025.3.148033,
2025.2.148048,
2025.1.148120,
2024.3.148430,
2024.2.148429 account takeover via predictEPSS 0.4%CVE-2024-48902MEDIUMIn JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via APEPSS 0.4%CVE-2024-38504MEDIUMIn JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articlesEPSS 0.4%CVE-2024-24937MEDIUMIn JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possibleEPSS 0.4%CVE-2022-44646LOWIn JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settingsEPSS 0.4%