JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
In JetBrains Junie before 252.549.29 command execution was possible via malicious project file
In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 code execution was possible due to improper command validation
In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.
In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.
In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS.
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
In JetBrains Space through 2020-04-22, the session timeout period was configured improperly.
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges.
Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as means of authentication by the client for less critical requests to the backend, the ability to change the email address with a short-lived token constitutes a privilege escalation attack. Since the attacker can change the password after setting the email address to one that they control, changing the email address can result in an account takeover by the attacker. Short-lived tokens can be requested from the backend by Wire clients using the long lived tokens, after which the long lived tokens can be stored securely, for example on the devices key chain. The short lived tokens can then be used to authenticate the client towards the backend for frequently performed actions such as sending and receiving messages. While short-lived tokens should not be available to an attacker per-se, they are used more often and in the shape of an HTTP header, increasing the risk of exposure to an attacker relative to the long-lived tokens, which are stored and transmitted in cookies. If you are running an on-prem instance and provision all users with SCIM, you are not affected by this issue (changing email is blocked for SCIM users). SAML single-sign-on is unaffected by this issue, and behaves identically before and after this update. The reason is that the email address used as SAML NameID is stored in a different location in the databse from the one used to contact the user outside wire. Version 2021-08-16 and later provide a new end-point that requires both the long-lived client cookie and `Authorization` header. The old end-point has been removed. If you are running an on-prem instance with at least some of the users invited or provisioned via SAML SSO and you cannot update then you can block `/self/email` on nginz (or in any other proxies or firewalls you may have set up). You don't need to discriminate by verb: `/self/email` only accepts `PUT` and `DELETE`, and `DELETE` is almost never used.
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser.