JetBrains Security Bulletin 2018 Q1

We have resolved a series of security issues in our products within the first quarter of 2018. Below is a summary of the more important ones, including the description and the version in which they were resolved.

Product Description Severity Resolved in
dotTrace dotTrace allowed privilege escalation (PROF-668) Critical 2017.1, 2017.2, 2017.3, 2018.1

For 2017.1 and 2017.2, please apply the appropriate EtwService.msi:
dotTrace 2017.1: OS Windows x86, OS Windows x64
dotTrace 2017.2: OS Windows x86, OS Windows x64

Hub Limitation of login attempts at hub.jetbrains.com was disabled (JPS-7627) Low 2018.1.9041
Hub It was possible to obtain a new access token for a banned user (JPS-7553) Low 2017.4.8440
IntelliJ IDEA YourKit profiler port was available externally in EAP builds for Linux (IDEA-184795) Low 2018.1 (181.4203.550)
JetProfile Privilege escalation was possible for JetBrains Account activity log (JPF-7437) Moderate N/A
JetProfile Valid password links might remain upon password reset (JPF-7335) Low N/A
TeamCity VCS preview allowed XSS attack (TW-54027) Note 2017.2.3 (51047)
TeamCity Data Directory preview allowed XSS attack (TW-54021) Low 2017.2.3 (51047)
TeamCity vmWare plugin settings allowed XSS attack (TW-53984) High 2017.2.3 (51047)
TeamCity VCS settings allowed XSS attack (TW-53943, TW-53978) High 2017.2.3 (51047)
TeamCity Authentication bypass was possible with certain Windows server configuration (TW-53507) Moderate 2017.2.2 (50909)
TeamCity Project administrator could run arbitrary code (TW-50054) High 2017.2.2 (50909)
TeamCity Build fields allowed XSS attack (TW-53466) Moderate 2017.2.2 (50909)
TeamCity Multiple XSS vulnerabilities (reported by Viktor Gazdag of NCC Group) (TW-53442) High 2017.2.2 (50909)
TeamCity JavaScript injection to Azure ARM plugin settings was possible (TW-53986) Moderate N/A
Upsource Multiple XSS vulnerabilities (Reported by Viktor Gazdag of NCC Group) (UP-9606) Moderate 2017.3.2888
YouTrack RSS feed allowed unauthorized access to comments with certain configuration (JT-46375) Moderate 2018.1.40341
YouTrack REST API allowed unauthorized access to attachments of hidden comments (JT-46004) Moderate 2018.1.40341
YouTrack RSS feed allowed unauthorized access to issues list with certain configuration (JT-46159) High 2018.1.40066
YouTrack Custom fields allowed privilege escalation for guest user account (JT-46115) Moderate 2018.1.40025
YouTrack Issue linking permission bypassing was available via “Create issue linked as…” (JT-25321) Moderate 2017.4.39533
YouTrack Unauthorized access to issue content was possible even if guest user access was restricted in the bundle installer (JT-45284) Low 2017.4.39083
YouTrack Activity records for private fields were available to users with read-only permissions (JT-45282) Moderate 2017.4.39083

If you need any further assistance, please contact our Support Team.

Subscribe to receive the bulletin in your mailbox.

Your JetBrains Team
The Drive to Develop

This entry was posted in News and tagged . Bookmark the permalink.

2 Responses to JetBrains Security Bulletin 2018 Q1

  1. Oddbjørn Bakke says:

    Thank you for sharing. :)

    But, ‘Below is a summary of the more important ones’. Is there any good and simplified overview like the one above for the less important ones?

    • Eugene Toporov says:

      Hi Oddbjørn,

      Less important are those that were found and resolved within the product development phase before releasing them to users. As they don’t affect external users of our products, we don’t make them publicly available.

Leave a Reply

Your email address will not be published. Required fields are marked *