Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-12841

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-03 Jul, 2019 | 19:44
Updated At-04 Aug, 2024 | 23:32
Rejected At-
Credits

Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:03 Jul, 2019 | 19:44
Updated At:04 Aug, 2024 | 23:32
Rejected At:
▼CVE Numbering Authority (CNA)

Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/
x_refsource_CONFIRM
Hyperlink: https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Jul, 2019 | 20:15
Updated At:09 Jul, 2019 | 19:00

Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches
JetBrains s.r.o.
jetbrains
>>teamcity>>Versions before 2018.2.2(exclusive)
cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/cve@mitre.org
Vendor Advisory
Hyperlink: https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

461Records found
CVE-2021-37545
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.07%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 13:24
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-37547
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.10%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 13:25
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2020-11795
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.08%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Space through 2020-04-22, the session timeout period was configured improperly.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-spacen/a
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2022-24332
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.10%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2022-24329
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.06%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-29 Oct, 2024 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

Action-Not Available
Vendor-n/aJetBrains s.r.o.Oracle Corporation
Product-kotlincommunications_cloud_native_core_binding_support_functioncommunications_pricing_design_centern/a
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2020-27624
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.06%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 14:59
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-27626
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.06%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 14:58
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-24334
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.14%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2021-43201
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.11%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:41
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2021-43192
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.11%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:36
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.Apple Inc.
Product-iphone_osyoutrack_mobilen/a
CVE-2021-43203
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.07%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:52
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-ktorn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-24341
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.10%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2020-11691
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.11%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CVE-2019-18369
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.08%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 15:25
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-43191
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.11%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:35
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS.

Action-Not Available
Vendor-n/aGoogle LLCJetBrains s.r.o.Apple Inc.
Product-androidiphone_osyoutrack_mobilen/a
CVE-2021-43195
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.11%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:47
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2021-43199
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.08%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:46
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-43190
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.11%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:37
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible.

Action-Not Available
Vendor-n/aGoogle LLCJetBrains s.r.o.
Product-androidyoutrack_mobilen/a
CVE-2021-31900
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.07%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 11:22
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-code_with_men/a
CVE-2021-31907
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.07%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 11:56
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-31902
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.06%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 11:38
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-15042
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 16:41
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-25762
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.09%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 15:24
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-ktorn/a
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2021-25768
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.09%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 15:29
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CVE-2021-25778
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.09%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 15:50
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2021-37550
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.10%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 13:29
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-697
Incorrect Comparison
CVE-2019-18367
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.06%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 15:20
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-14955
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.08%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 15:50
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2019-15038
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.11%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 15:46
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2022-24336
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 0.20%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2021-31901
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.08%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 11:34
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CVE-2019-12845
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.08%
||
7 Day CHG~0.00%
Published-03 Jul, 2019 | 19:42
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-25777
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.06%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 15:50
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-25764
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.11%
||
7 Day CHG~0.00%
Published-18 Mar, 2021 | 19:20
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains PhpStorm before 2020.3, source code could be added to debug logs.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-phpstormn/a
CVE-2020-15827
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-08 Aug, 2020 | 20:24
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-toolboxn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-5207
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.00% / 0.16%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 19:30
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Request smuggling is possible in Ktor when both chunked TE and content length specified

In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.

Action-Not Available
Vendor-Ktor.ioJetBrains s.r.o.
Product-ktorKtor
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2024-24941
Matching Score-6
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 0.32%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 09:21
Updated-01 Aug, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL

Action-Not Available
Vendor-JetBrains s.r.o.
Product-intellij_ideaIntelliJ IDEA
CWE ID-CWE-20
Improper Input Validation
CVE-2022-37010
Matching Score-6
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-3.6||LOW
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-28 Jul, 2022 | 10:25
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed

Action-Not Available
Vendor-JetBrains s.r.o.
Product-intellij_ideaIntelliJ IDEA
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12157
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.00% / 0.18%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 18:51
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityupsourcen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4310
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.23% / 46.05%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 22:57
Updated-07 Aug, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles.

Action-Not Available
Vendor-The CMS Made Simple Foundation
Product-cms_made_simpleCMSMS
CWE ID-CWE-20
Improper Input Validation
CVE-2016-5418
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-5.22% / 89.56%
||
7 Day CHG~0.00%
Published-21 Sep, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

Action-Not Available
Vendor-n/aOracle CorporationlibarchiveRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_server_ausenterprise_linux_hpc_nodelibarchiveenterprise_linux_desktopenterprise_linux_server_eusopenshiftenterprise_linux_workstationenterprise_linux_hpc_node_euslinuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3011
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-5||MEDIUM
EPSS-0.60% / 68.49%
||
7 Day CHG~0.00%
Published-17 Sep, 2010 | 17:46
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-system_management_homepagen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-3367
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.13% / 33.32%
||
7 Day CHG~0.00%
Published-29 Nov, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

Action-Not Available
Vendor-arora-browsern/a
Product-aroran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2086
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.74%
||
7 Day CHG~0.00%
Published-07 Apr, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Action-Not Available
Vendor-n/aNode.js (OpenJS Foundation)Fedora Project
Product-fedoranode.jsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1586
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-1.8||LOW
EPSS-0.18% / 39.61%
||
7 Day CHG~0.00%
Published-22 Apr, 2019 | 15:35
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.

Action-Not Available
Vendor-oxide_projectUbuntu
Product-oxideOxide
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9025
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.65%
||
7 Day CHG~0.00%
Published-18 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.

Action-Not Available
Vendor-Broadcom Inc.
Product-privileged_access_managerCA Privileged Access Manager
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1494
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-5.09% / 89.41%
||
7 Day CHG~0.00%
Published-13 Jan, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

Action-Not Available
Vendor-n/aPython Software FoundationFedora ProjectopenSUSE
Product-fedorarsaleapopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4433
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-10.63% / 93.00%
||
7 Day CHG~0.00%
Published-04 Jul, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-strutsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8474
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-19.51% / 95.18%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This affects Microsoft Lync.

Action-Not Available
Vendor-Microsoft Corporation
Product-lync_for_macMicrosoft Lync
CWE ID-CWE-20
Improper Input Validation
CVE-2019-15640
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.63%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 16:51
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image.

Action-Not Available
Vendor-limesurveyn/a
Product-limesurveyn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found