In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests
In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings
In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration
In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources
In JetBrains TeamCity before 2026.1,
2025.11.5 unauthenticated SSRF via build status was possible
In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Pr
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack