In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm.
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site
In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.
In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly
In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.
In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure.
In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible
Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network.
In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.
In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections.
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
JetBrains IDETalk plugin before version 193.4099.10 allows XXE
In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
JetBrains MPS before 2019.2.2 exposed listening ports to the network.
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293.
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository.
In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.
In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable
JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.
JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances.
In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.
Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8.
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.