
JetBrains Security Bulletin Q2 2020

In the second quarter of 2020, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved.

| Product | Description | Severity | Resolved in | CVE/CWE |
|---|---|---|---|---|
| Datalore | Stack trace disclosure. (DL-7350) | Low | Not applicable | CWE-536 |
| Datalore | Reverse tabnabbing was possible. (DL-7708) | Low | Not applicable | CWE-1022 |
| JetBrains Account | Throttling for reset password functionality was missing if 2FA was enabled. Reported by Manu Pranav. (JPF-10527) | Medium | 2020.06 | CWE-799 |
| JetBrains Website | Stack trace disclosure in case of an incorrect character in request. (JS-12490) | Low | Not applicable | CWE-536 |
| JetBrains Website | Reflected XSS on jetbrains.com subdomain. Reported by Ritik Chaddha. (JS-12562) | Low | Not applicable | CWE-79 |
| JetBrains Website | Open-redirect issues on kotlinconf.com. Reported by Ritik Chaddha. (JS-12581) | Low | Not applicable | CWE-601 |
| JetBrains Website | Clickjacking was possible on a non-existent page. Reported by Pravas Ranjan Kanungo. (JS-12835) | Low | Not applicable | CWE-1021 |
| YouTrack | Subtasks workflow could disclose the existence of an issue. (JT-45316) | Low | 2020.2.8527 | CVE-2020-15818 |
| YouTrack | An external user could execute commands against arbitrary issues. (JT-56848) | High | 2020.1.1331 | CVE-2020-15817 |
| YouTrack | SSRF vulnerability that allowed scanning internal ports. Reported by Evren Yalçın. (JT-56917) | Low | 2020.2.10643 | CVE-2020-15819 |
| YouTrack | It was possible to change a redirect from any existing YouTrack InCloud instance to another instance. (JT-57036) | Medium | 2020.1.3588 | CWE-601 |
| YouTrack | The markdown parser could disclose the existence of a hidden file. (JT-57235) | Low | 2020.2.6881 | CVE-2020-15820 |
| YouTrack | A user without the appropriate permissions could create an article draft. (JT-57649) | Medium | 2020.2.6881 | CVE-2020-15821 |
| YouTrack | The AWS metadata of a YouTrack InCloud instance was disclosed via SSRF in a workflow. Reported by Yurii Sanin. (JT-57964) | High | 2020.2.8873 | CVE-2020-15823 |
| YouTrack | SSRF was possible because URL filtering could be escaped. Reported by Yurii Sanin. (JT-58204) | Low | 2020.2.10514 | CVE-2020-15822 |
| Kotlin | Script cache privilege escalation vulnerability. Reported by Henrik Tunedal. (KT-38222) | Medium | 1.4.0 | CVE-2020-15824 |
| Space | Draft title was disclosed to a user without access to the draft. (SPACE-5594) | Low | Not applicable | CWE-200 |
| Space | A missing authorization check caused privilege escalation. Reported by Callum Carney. (SPACE-8034) | High | Not applicable | CWE-266 |
| Space | Blind SSRF via calendar import. Reported by Yurii Sanin. (SPACE-8273) | Medium | Not applicable | CWE-918 |
| Space | Drafts of direct messages sent from the iOS app could be sent to the channel. (SPACE-8377) | Low | Not applicable | CWE-200 |
| Space | Chat messages were propagated to the browser console. (SPACE-8386) | High | Not applicable | CWE-215 |
| Space | Missing authentication checks in Space Automation. (SPACE-8431) | Critical | Not applicable | CWE-306 |
| Space | Missing authentication checks in Job-related API. (SPACE-8822) | Low | Not applicable | CWE-306 |
| Space | Incorrect checks of public key content. (SPACE-9169) | Medium | Not applicable | CWE-287 |
| Space | Stored XSS via repository resource. (SPACE-9277) | High | Not applicable | CWE-79 |
| Toolbox App | Missing signature on “jetbrains-toolbox.exe”. (TBX-4671) | Low | 1.17.6856 | CVE-2020-15827 |
| TeamCity | Users were able to assign more permissions than they had. (TW-36158) | Low | 2020.1 | CVE-2020-15826 |
| TeamCity | Users with the “Modify group” permission could elevate other users’ privileges. (TW-58858) | Medium | 2020.1 | CVE-2020-15825 |
| TeamCity | Password parameters could be disclosed via build logs. (TW-64484) | Low | 2019.2.3 | CVE-2020-15829 |
| TeamCity | Project parameter values could be retrieved by a user without the appropriate permissions. (TW-64587) | High | 2020.1.1 | CVE-2020-15828 |
| TeamCity | Reflected XSS on administration UI. (TW-64668) | High | 2019.2.3 | CVE-2020-15831 |
| TeamCity | Stored XSS on administration UI. (TW-64699) | High | 2019.2.3 | CVE-2020-15830 |
| Upsource | Unauthorized access was possible through an error in accounts linking. (SDP-940) | Low | 2020.1 | CVE-2019-19704 |

If you need any further assistance, please contact our Security Team.

Subscribe to receive the bulletin in your mailbox.

Your JetBrains Team
The Drive to Develop


JetBrains Security Bulletin Q1 2020

In the first quarter of 2020, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved.

| Product | Description | Severity | Resolved in | CVE/CWE |
|---|---|---|---|---|
| Datalore | A user’s SSH key could be deleted without appropriate permissions. Reported by Callum Carney. (DL-7833) | Moderate | Not applicable | CWE-639 |
| Datalore | SSRF could be caused by an attached file. Reported by Callum Carney. (DL-7836) | High | Not applicable | CWE-918 |
| GoLand | Plain HTTP was used to access the plugin repository. (GO-8694) | Low | 2019.3.2 | CVE-2020-11685 |
| IntelliJ IDEA | The license server could be resolved to an untrusted host in some cases. (IDEA-219748) | High | 2020.1 | CVE-2020-11690 |
| JetBrains Account | Non-unique QR codes were generated during consecutive attempts to set up 2FA. (JPF-10149) | Low | 2020.01 | CWE-342 |
| JetBrains Account | Clickjacking was possible on a JetBrains Account page. Reported by Raja Ahtisham. (JPF-10154) | Moderate | 2020.01 | CWE-1021 |
| JetBrains Account | Customer name enumeration by numeric customer ID was possible. (JPF-10159, JPF-10301) | High | 2020.03 | CWE-200 |
| JetBrains Account | The country value coming from a user wasn’t correctly validated. (JPF-10258) | High | 2020.02 | CWE-285 |
| JetBrains Account | Information disclosure from JetBrains Account was possible via the “Back” button. Reported by Ratnadip Gajbhiye. (JPF-10266) | Low | 2020.02 | CWE-200 |
| JetBrains Website | Reflected XSS at jetbrains.com was possible. Reported by Rahad Chowdhury. (JS-11769) | High | Not applicable | CWE-79 |
| Hub | Content spoofing in the Hub OAuth error message was possible. (JPS-10093) | Moderate | 2020.1.12099 | CVE-2020-11691 |
| Plugin Marketplace | Uploading a malicious file via the Screenshots form could cause XSS. (MP-2637) | Moderate | Not applicable | CWE-79 |
| PyCharm | Apple Notarization Service credentials were included in the PyCharm distribution for Windows. Reported by Ruby Nealon. (IDEA-232217) | High | 2019.3.3, 2019.2.6 | CVE-2020-11694 |
| Space | The session timeout period was configured improperly. (SPACE-4717) | Low | Not applicable | CVE-2020-11795 |
| Space | Stored XSS in Space chats was possible. Reported by Callum Carney. (SPACE-6556) | Moderate | Not applicable | CVE-2020-11416 |
| Space | The password authentication implementation was insecure. (SPACE-7282) | High | Not applicable | CVE-2020-11796 |
| TeamCity | Password values were shown unmasked on several pages. (TW-64186) | Low | 2019.2.2 | CVE-2020-11687 |
| TeamCity | A project administrator was able to see scrambled password parameters used in a project. (TW-58099) | Moderate | 2019.2.2 | CVE-2020-11938 |
| TeamCity | A project administrator was able to retrieve some TeamCity server settings. (TW-61626) | Low | 2019.1.4 | CVE-2020-11686 |
| TeamCity | Application state was kept alive after a user ended their session. (TW-61824) | Low | 2019.2.1 | CVE-2020-11688 |
| TeamCity | A user without appropriate permissions was able to import settings from settings.kts. (TW-63698) | Low | 2019.2.1 | CVE-2020-11689 |
| YouTrack | DB export was accessible to read-only administrators. (JT-56001) | Low | 2020.1.659 | CVE-2020-11692 |
| YouTrack | DoS could be performed by attaching a malformed TIFF to an issue. Reported by Chris Smith. (JT-56407) | High | 2020.1.659 | CVE-2020-11693 |
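Several rows across the two bulletins are SSRF findings (JT-56917, JT-57964, JT-58204 and SPACE-8273 above in Q2; DL-7836 here in Q1). JT-58204 records that URL filtering could be escaped, and JT-57964 shows the usual target of such requests: the cloud metadata endpoint. The Python below is an added example, not JetBrains code, and does not describe how any of those issues actually worked. It contrasts the filter pattern that is easiest to escape, a substring blocklist on the URL text, with a check that vets the address the client would actually connect to. The hostnames, the DNS table and the sample URLs are constructed for this offline demo, and allowing only ports 80/443 is an example policy.

```python
# Added example (not JetBrains code): vet the address an outbound request will
# actually reach instead of blocklisting strings in the URL. Hostnames, DNS
# table and sample URLs below are constructed for this offline demo.
from __future__ import annotations

import ipaddress
import socket
from typing import Callable, Iterable, Optional
from urllib.parse import urlsplit

# The first attempt many codebases make: a blocklist of strings in the raw URL.
NAIVE_BLOCKLIST = ("localhost", "127.0.0.1", "169.254.169.254", "10.", "192.168.")

def naive_url_allowed(url: str) -> bool:
    """Text-level blocklist; anything not spelled exactly this way slips through."""
    return url.startswith(("http://", "https://")) and not any(b in url for b in NAIVE_BLOCKLIST)

Resolver = Callable[[str], Iterable[str]]

def system_resolver(host: str) -> list[str]:
    """Resolve with the OS resolver, all address families (needs network)."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def _is_public(ip_text: str) -> bool:
    """True only for an address with no private/loopback/link-local/reserved role."""
    ip = ipaddress.ip_address(ip_text)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the IPv4 ranges are checked.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local  # 169.254/16 = cloud metadata
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def resolve_public_target(url: str, resolver: Resolver = system_resolver) -> Optional[str]:
    """Return the vetted IP to connect to, or None if the URL must be refused.

    The caller must connect to the returned IP rather than re-resolving the name
    (closing the DNS-rebinding window) and must re-run this on every redirect
    target. Allowing only ports 80/443 is an example policy.
    """
    try:
        parts = urlsplit(url)
        port = parts.port  # ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.username is not None or parts.password is not None:
        return None  # userinfo is a classic parser-confusion vector
    if port not in (None, 80, 443):
        return None
    host = parts.hostname
    try:
        ipaddress.ip_address(host)
        addrs = [host]  # literal IP (any notation the parser accepts): no DNS step
    except ValueError:
        try:
            addrs = list(resolver(host))
        except OSError:  # socket.gaierror is a subclass
            return None
    # Refuse if *any* answer is internal: dual-homed names and rebinding tricks.
    if not addrs or not all(_is_public(a) for a in addrs):
        return None
    return addrs[0]

# Constructed DNS table standing in for the resolver in this offline demo.
DEMO_DNS = {
    "docs.example.com": ["11.22.33.44"],           # stands in for an ordinary public host
    "internal-meta.example": ["169.254.169.254"],  # attacker-controlled name -> metadata IP
    "dual.example": ["11.22.33.44", "10.0.0.5"],   # public and private answers mixed
}

def demo_resolver(host: str) -> list[str]:
    return DEMO_DNS.get(host, [])

def demo() -> dict[str, tuple[bool, Optional[str]]]:
    """Run both checks over constructed URLs: {url: (naive_allowed, vetted_ip)}."""
    samples = [
        "https://docs.example.com/api",                         # legitimate
        "http://172.16.0.1/",                                   # private range the blocklist forgot
        "http://[0:0:0:0:0:ffff:a9fe:a9fe]/latest/meta-data/",  # metadata IP, IPv4-mapped hex form
        "http://internal-meta.example/latest/meta-data/",       # metadata IP behind a DNS name
        "http://dual.example/",                                 # one public, one private answer
        "http://docs.example.com@[0:0:0:0:0:ffff:a9fe:a9fe]/",  # userinfo confusion
    ]
    return {u: (naive_url_allowed(u), resolve_public_target(u, demo_resolver)) for u in samples}

if __name__ == "__main__":
    for url, (naive_ok, vetted) in demo().items():
        print(f"{url:58} naive={'allow' if naive_ok else 'block'}  hardened={vetted or 'refuse'}")
```

The naive filter passes every constructed bypass, and the hardened check refuses all of them while still returning a usable address for the legitimate URL. What makes it robust is that the decision is taken on the resolved address, so decimal, hex or IPv4-mapped spellings of the same host all collapse to one check. Two gaps remain outside the validator and have to be closed in the HTTP client: connect to the vetted IP (sending the original Host header and SNI) instead of letting the client resolve the name a second time, and run the check again on every redirect hop.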
