Skip to content Burger menu icon
Blog logo

Company
Visit jetbrains.com
News Security

JetBrains Security Bulletin Q3 2018

Robert Demmer
Robert Demmer

We have resolved a series of security issues in our products in the third quarter of 2018. Here’s a summary report that contains a description of each issue and the version in which they were resolved.

Product Description Severity Resolved in
dotPeek, ReSharper Remote Code Execution was possible while operating specific files (DOTP-7635) High 2018.1.4
Hub Hub stored license information in log files (JPS-9187) Low 2018.2.10527
IntelliJ IDEA Insecure connection used to access JetBrains resources (IDEA-187601, IDEA-192440) Moderate 2018.1.5
IntelliJ IDEA, Rider Incorrect handling of user input in ZIP extraction (IDEA-191679, IDEA-191680, IDEA-193358) High 2018.2
JetBrains Account A few customer profiles were made available without authorization (JPF-8211) Moderate N/A
JetBrains Account It was possible to obtain customer business email from order reference (JPF-7903) Moderate N/A
Plugin Marketplace XXE vulnerability (MP-1708) Low N/A
Plugin Marketplace Incorrect handling of user input in ZIP extraction (MP-1678) Moderate N/A
ReSharper Incorrect handling of user input in ZIP extraction (RSRP-470115) High 2018.1.3
TeamCity CSRF Vulnerability (RSRP-470115) Moderate 2018.1.1
TeamCity Change of project settings can corrupt settings of other projects (TW-55704) Low 2018.1.1
TeamCity Possible privilege escalation while viewing agent details (TW-56025) Moderate 2018.1.1
TeamCity Possible unvalidated redirect (TW-56085) Moderate 2018.1.2
TeamCity Reflected XSS vulnerabilities (TW-56490, TW-56375, TW-56374) Moderate 2018.1.2
TeamCity Stored XSS vulnerabilities (TW-56830, TW-56719) Moderate 2018.1.3
TeamCity Stored XSS vulnerabilities (TW-55214, TW-56126, TW-56127, TW-56452, TW-56571) Moderate 2018.1.2
YouTrack Reflected XSS vulnerability (JT-48606) Moderate 2018.2.45073
YouTrack Possible privilege escalation via deprecated REST API (JT-48605) Low 2018.2.45073
YouTrack Possible tabnabbing via issue content (JT-47993) Low 2018.2.44329

If you need any further assistance, please contact our Support Engineers.

Subscribe to receive the bulletin in your mailbox.

Your JetBrains Team
The Drive to Develop

security bulletin
SpringShell Vulnerability in JetBrains Products and Services Next post
image description

Discover more

IDE Services Cloud Release and Floating License Server End-of-Life Announcements

JetBrains IDE Services, the enterprise suite of products dedicated to improving developer productivity across an entire organization, is now available in the cloud! By offering a JetBrains-managed service, IDE Services Cloud simplifies license management, enhances security, and provides seamless …

Yegor Naumov
Yegor Naumov

WebStorm and Rider Are Now Free for Non-Commercial Use

WebStorm and Rider, JetBrains IDEs, are now free for non-commercial use! Learn more in the blog post.

Ekaterina Ryabukha
Ekaterina Ryabukha

Introducing Mellum: JetBrains’ New LLM Built for Developers

JetBrains has launched Mellum – the large language model designed just for developers.

Valerie Kuzmina
Valerie Kuzmina
JetBrains at the ICPC World Finals 2024 Astana

JetBrains at the ICPC World Finals 2024 Astana

The ICPC World Finals Astana 2024 was an unforgettable event, bringing together the brightest young minds in competitive programming. At JetBrains, we were thrilled to participate, connecting with students, coaches, and the broader community. This experience reinforced our commitment to nurturing emerging programming talent globally.

Margarita Shadrina
Margarita Shadrina