In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
In JetBrains TeamCity before 2026.1
2025.11.5 authenticated users could expose server API to unauthorised access
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
In JetBrains IDE Services before 2025.5.0.1086,
2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves
In JetBrains Hub before 2026.1.13757,
2025.3.148033,
2025.2.148048,
2025.1.148120,
2024.3.148430,
2024.2.148429 authentication bypass via direct database access leading to administrative access was po
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions
In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files
In JetBrains Hub before 2026.1.13757,
2025.3.148033,
2025.2.148048,
2025.1.148120,
2024.3.148430,
2024.2.148429 privilege escalation by attaching authentication details to accounts was possible
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time
Page 1+ Next →