JetBrains Security Bulletin Q3 2020

Robert Demmer

In the third quarter of 2020, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved.

| Product | Description | Severity | Resolved in | CVE/CWE |
|---|---|---|---|---|
| IdeaVim | In limited circumstances, IdeaVim might have caused an information leak. (VIM-2019) | High | 58 | CVE-2020-27623 |
| IntelliJ IDEA | The built-in web server could expose information about the IDE version. (IDEA-240567) | Low | 2020.2 | CVE-2020-27622 |
| JetBrains Account | Improper rate limiting. Reported by Ashhad Ali. (JPF-11026) | Low | 2020.09 | CWE-799 |
| JetBrains Account | A password reset token might have been disclosed to a third party. Reported by Sheikh Rishad. (JPF-11034) | Low | 2020.10 | CWE-201 |
| JetBrains Marketplace | Blind SSRF. Reported by Yurii Sanin. (MP-3119) | High | Not applicable | CWE-918 |
| JetBrains Website | Reflected XSS. Reported by Peter af Geijerstam. (JS-13032) | Medium | Not applicable | CWE-79 |
| JetBrains Website | HTML injection was possible on several pages. (JS-13041) | Medium | Not applicable | CWE-79 |
| JetBrains Website | Clickjacking was possible on several pages. (JS-13042) | Low | Not applicable | CWE-1021 |
| JetBrains Website | SSRF on the website. Reported by Mohamed Lahraoui. (SDP-1174) | Low | Not applicable | CWE-918 |
| Ktor | HTTP request smuggling was possible. Reported by ZeddYu Lu and Kaiwen Shen. (KTOR-841) | Medium | 1.4.1 | CVE-2020-26129 |
| Space | Unauthorized access to environment variables containing private data. (SPACE-10723) | Medium | Not applicable | CWE-532 |
| TeamCity | URL injection was possible. (TW-44171) | Low | 2020.1.2 | CVE-2020-27627 |
| TeamCity | The guest user had access to audit records. (TW-67750) | Medium | 2020.1.5 | CVE-2020-27628 |
| TeamCity | Secure dependency parameters might not have been masked in dependent builds when there were no internal artifacts. (TW-67775) | High | 2020.1.5 | CVE-2020-27629 |
| Toolbox App | Limited RCE via the JetBrains protocol handler. Reported by Jeffrey van Gogh and Yuriy Solodkyy. (SDP-1177) | Low | 1.18 | CVE-2020-25207 |
| Toolbox App | Denial of service via the JetBrains protocol handler. (TBX-5281) | Low | 1.18.7455 | CVE-2020-25013 |
| YouTrack | Blind SSRF. Reported by Yurii Sanin. (JT-58015) | Low | 2020.3.888 | CVE-2020-27624 |
| YouTrack | Notifications might have mentioned inaccessible issues. (JT-58329) | Low | 2020.3.888 | CVE-2020-27625 |
| YouTrack | SSRF in YouTrack InCloud. Reported by Yurii Sanin. (JT-58962) | Medium | 2020.3.5333 | CVE-2020-27626 |
| YouTrack | Improper access control allowed retrieving an issue description without appropriate access. Reported by Yurii Sanin. (JT-59015) | Critical | 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.3.65516, 2019.2.65515, 2019.1.65514 | CVE-2020-24618 |
| YouTrack | Improper access control for some subresources could lead to information disclosure. Reported by Yurii Sanin. (JT-59130) | Medium | 2020.3.6638 | CVE-2020-25209 |
| YouTrack | An attacker could access workflow rules without appropriate access granted. (JT-59474) | High | 2020.3.7955 | CVE-2020-25210 |
| YouTrack Mobile | Information disclosure via application backups. Reported by Cristi Vlad. (YTM-5518) | Low | 2020.2.0 | CVE-2020-24366 |

If you need any further assistance, please contact our Security Team.


Your JetBrains Team
The Drive to Develop