JetBrains Security Bulletin 2018 Q2
We have resolved a series of security issues in our products in the second quarter of 2018. Here’s a summary report that contains a description of each issue, its severity, and the version in which it was resolved.
| Product | Issue | Severity | Fixed in version |
|---|---|---|---|
| Hub | ClickJacking vulnerability (JPS-7209) | Low | 2017.4.8040 |
| Hub | ClickJacking vulnerability (JPS-8009) | Low | 2018.2.9541 |
| IntelliJ IDEA | ROBOT attack vulnerability in certain subsystems (IDEA-183912) | Low | 2018.1.3 |
| Scala | Possible unauthenticated access to local compile server (SCL-13584) | Moderate | 2018.2 |
| TeamCity | Possible privilege escalation to server administrator (TW-55209) | High | 2018.1 |
| TeamCity | CSRF attack vulnerability (TW-55210) | High | 2018.1 |
| TeamCity | Possible privilege escalation from project administrator to server administrator (TW-55211, TW-55684) | High | 2018.1 |
| TeamCity | Possible unauthorized removal of installation data by project administrator (TW-54876) | High | 2018.1 |
| TeamCity | Network access to an agent allowed potential unauthorized control over the agent (TW-49335) | Moderate | 2018.1 |
| TeamCity | In a very specific scenario, an attacker could steal web responses meant for other users (TW-54486) | Moderate | 2018.1 |
| TeamCity | Stored XSS vulnerabilities on various pages (TW-27206, TW-54129, TW-55453, TW-55215, TW-55217, TW-55353) | Moderate | 2018.1 |
| TeamCity | Project viewer could delete non-critical project settings (TW-55261) | Moderate | 2018.1 |
| TeamCity | Network access to a server allowed potential read access to project settings (TW-54870) | Moderate | 2018.1 |
| TeamCity | Project viewer could affect details of some running builds (TW-54975) | Moderate | 2018.1 |
| TeamCity | Reflected XSS vulnerabilities on various pages (TW-55212, TW-55213) | Moderate | 2018.1 |
| TeamCity | User self-registration might have been enabled by default on new server installation (TW-54741) | Moderate | 2017.2.4, 2018.1 |
| TeamCity | Possible vulnerability to ClickJacking attack from TeamCity UI (TW-33819) | Moderate | 2017.2.4, 2018.1 |
| TeamCity | Project viewer could bypass the “View build runtime parameters and data” permission (TW-55502) | Low | 2018.1 |
| TeamCity | Network access to a server exposed a vulnerability to DoS attacks (TW-11984) | Low | 2018.1 |
| TeamCity | Potential to pass authorization cookies without secure flags (TW-55141) | Low | 2018.1 |
| Upsource | Vulnerability to ClickJacking attack (UP-9673) | Moderate | 2018.1 |
| Upsource | Possible privilege escalation during the configuration process (BND-1154, BND-1579, UP-7359). Reported by Zhiyong Feng from Mobike Security Team | Low | 2018.1 |
| YouTrack | Stored XSS vulnerabilities from specific pages (JT-47824) | High | 2018.2.42881 |
| YouTrack | Potential for unauthorized users to view names of SSL keys (JT-47685) | Low | 2018.2.42881 |
| YouTrack | Swimlane functionality allowed unauthorized changes to a limited number of issue properties (JT-47125) | Note | 2018.2.42133 |
If you need any further assistance, please contact our Support Team.
Your JetBrains Team