Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-54530

Summary
Assigner-JetBrains
Assigner Org ID-547ada31-17d8-4964-bc5f-1b8238ba8014
Published At-28 Jul, 2025 | 16:20
Updated At-29 Jul, 2025 | 03:55
Rejected At-
Credits

In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:JetBrains
Assigner Org ID:547ada31-17d8-4964-bc5f-1b8238ba8014
Published At:28 Jul, 2025 | 16:20
Updated At:29 Jul, 2025 | 03:55
Rejected At:
▼CVE Numbering Authority (CNA)

In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions

Affected Products
Vendor
JetBrains s.r.o.JetBrains
Product
TeamCity
Default Status
unaffected
Versions
Affected
  • From 0 before 2025.07 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-276
Type: N/A
CWE ID: N/A
Description: CWE-276
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.jetbrains.com/privacy-security/issues-fixed/
N/A
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@jetbrains.com
Published At:28 Jul, 2025 | 17:15
Updated At:31 Jul, 2025 | 19:33

In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
JetBrains s.r.o.
jetbrains
>>teamcity>>Versions before 2025.07(exclusive)
cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-276Primarycve@jetbrains.com
CWE ID: CWE-276
Type: Primary
Source: cve@jetbrains.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.jetbrains.com/privacy-security/issues-fixed/cve@jetbrains.com
Vendor Advisory
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Source: cve@jetbrains.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

143Records found
CVE-2024-43114
Matching Score-10
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-10
Assigner-JetBrains s.r.o.
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 12:48
Updated-11 Sep, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcity
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-36209
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.00% / 0.17%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 13:19
Updated-04 Aug, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2024-27198
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-9.8||CRITICAL
EPSS-94.58% / 100.00%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 17:21
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-03-28||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcityTeamCity
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-23917
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-9.8||CRITICAL
EPSS-94.30% / 99.94%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 09:21
Updated-01 Aug, 2024 | 23:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcity
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-48342
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-5.2||MEDIUM
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-23 Feb, 2023 | 15:44
Updated-12 Mar, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2025-57732
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.00%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 09:14
Updated-21 Aug, 2025 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-282
Improper Ownership Management
CVE-2021-37544
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 13:23
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-51655
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 0.42%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 09:57
Updated-02 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration

Action-Not Available
Vendor-JetBrains s.r.o.
Product-intellij_ideaIntelliJ IDEA
CWE ID-CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2021-31915
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.04%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 12:12
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-31914
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 10.79%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 12:11
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.

Action-Not Available
Vendor-n/aMicrosoft CorporationJetBrains s.r.o.
Product-windowsteamcityn/a
CVE-2021-31897
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.88%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 12:19
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-webstormn/a
CVE-2021-25770
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.02% / 2.27%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 15:31
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-42793
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-9.8||CRITICAL
EPSS-94.58% / 100.00%
||
7 Day CHG~0.00%
Published-19 Sep, 2023 | 16:57
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-25||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityTeamCity
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-48477
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-4.1||MEDIUM
EPSS-0.00% / 0.04%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 12:21
Updated-04 Feb, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing

Action-Not Available
Vendor-JetBrains s.r.o.
Product-hubHub
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-11690
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.21%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-intellij_idean/a
CVE-2022-24340
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.19%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2022-25262
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 5.51%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 19:59
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2022-25263
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.02% / 3.84%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 19:59
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-45612
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-8.6||HIGH
EPSS-0.00% / 0.18%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 10:20
Updated-19 Sep, 2024 | 13:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE

Action-Not Available
Vendor-JetBrains s.r.o.
Product-ktorKtorktor
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-45977
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.21%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:36
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-webstormpycharmintellij_ideaphpstormcliongolandrubyminen/a
CVE-2021-43200
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.20%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:43
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2021-43183
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.21%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:53
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CVE-2022-24331
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.23%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2022-24442
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.02% / 2.50%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 20:01
Updated-03 Aug, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-11796
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.00% / 0.16%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-spacen/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-34218
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-9.1||CRITICAL
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 13:03
Updated-09 Jan, 2025 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-18364
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 14.35%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 14:54
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-43202
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.20%
||
7 Day CHG~0.00%
Published-30 Nov, 2021 | 15:21
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2021-43185
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.37%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:32
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-43193
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 1.79%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:49
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2021-31909
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 35.90%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 11:59
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-15039
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.75%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 13:20
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-54154
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-8||HIGH
EPSS-0.10% / 27.81%
||
7 Day CHG+0.01%
Published-04 Dec, 2024 | 11:16
Updated-31 Jan, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrackyoutrack
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-12736
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 5.72%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 18:48
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-ktorn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-12157
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.00% / 0.18%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 18:51
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityupsourcen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-36470
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-8.1||HIGH
EPSS-0.00% / 0.05%
||
7 Day CHG~0.00%
Published-29 May, 2024 | 13:29
Updated-07 Feb, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcity
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-25207
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 8.19%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 15:01
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-toolboxn/a
CVE-2024-41827
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-7.4||HIGH
EPSS-0.00% / 0.06%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 14:50
Updated-07 Aug, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcity
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2020-25208
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.07%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 15:27
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-24337
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.00% / 0.06%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-29582
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.13%
||
7 Day CHG-0.00%
Published-03 Feb, 2021 | 15:20
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.

Action-Not Available
Vendor-n/aJetBrains s.r.o.Oracle Corporation
Product-kotlincommunications_cloud_native_core_service_communication_proxycommunications_cloud_native_core_policycommunications_cloud_native_core_network_slice_selection_functionn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-24343
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-15821
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.00% / 0.04%
||
7 Day CHG~0.00%
Published-08 Aug, 2020 | 20:15
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-11692
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.00% / 0.12%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-11689
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.00% / 0.04%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-18369
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.08%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 15:25
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-43199
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.08%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:46
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-18366
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.08%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 15:16
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-18367
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.06%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 15:20
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2018-9467
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.88%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 23:57
Updated-22 Nov, 2024 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found