Skip to content Burger menu icon
Blog logo

Company Blog
Visit jetbrains.com
News Security

JetBrains Security Bulletin Q3 2018

Robert Demmer
Robert Demmer

We have resolved a series of security issues in our products in the third quarter of 2018. Here’s a summary report that contains a description of each issue and the version in which they were resolved.

Product Description Severity Resolved in
dotPeek, ReSharper Remote Code Execution was possible while operating specific files (DOTP-7635) High 2018.1.4
Hub Hub stored license information in log files (JPS-9187) Low 2018.2.10527
IntelliJ IDEA Insecure connection used to access JetBrains resources (IDEA-187601, IDEA-192440) Moderate 2018.1.5
IntelliJ IDEA, Rider Incorrect handling of user input in ZIP extraction (IDEA-191679, IDEA-191680, IDEA-193358) High 2018.2
JetBrains Account A few customer profiles were made available without authorization (JPF-8211) Moderate N/A
JetBrains Account It was possible to obtain customer business email from order reference (JPF-7903) Moderate N/A
Plugin Marketplace XXE vulnerability (MP-1708) Low N/A
Plugin Marketplace Incorrect handling of user input in ZIP extraction (MP-1678) Moderate N/A
ReSharper Incorrect handling of user input in ZIP extraction (RSRP-470115) High 2018.1.3
TeamCity CSRF Vulnerability (RSRP-470115) Moderate 2018.1.1
TeamCity Change of project settings can corrupt settings of other projects (TW-55704) Low 2018.1.1
TeamCity Possible privilege escalation while viewing agent details (TW-56025) Moderate 2018.1.1
TeamCity Possible unvalidated redirect (TW-56085) Moderate 2018.1.2
TeamCity Reflected XSS vulnerabilities (TW-56490, TW-56375, TW-56374) Moderate 2018.1.2
TeamCity Stored XSS vulnerabilities (TW-56830, TW-56719) Moderate 2018.1.3
TeamCity Stored XSS vulnerabilities (TW-55214, TW-56126, TW-56127, TW-56452, TW-56571) Moderate 2018.1.2
YouTrack Reflected XSS vulnerability (JT-48606) Moderate 2018.2.45073
YouTrack Possible privilege escalation via deprecated REST API (JT-48605) Low 2018.2.45073
YouTrack Possible tabnabbing via issue content (JT-47993) Low 2018.2.44329

If you need any further assistance, please contact our Support Engineers.

Subscribe to receive the bulletin in your mailbox.

Your JetBrains Team
The Drive to Develop

security bulletin
SpringShell Vulnerability in JetBrains Products and Services Next post
image description

Discover more

JetBrains IDE Services: Streamlining Enterprise Management of IDEs and AI Tools to Foster Developer Productivity

JetBrains IDE Services is an umbrella of products designed to help enterprises solve the most acute development infrastructure challenges.

Valerie Kuzmina
Valerie Kuzmina

Full Line Code Completion in JetBrains IDEs: All You Need to Know

Learn more about a new feature in v2024.1 of JetBrains IDEs – full line code completion.

Ekaterina Ryabukha
Ekaterina Ryabukha
JetBrains Annual Highlights 2024

JetBrains Annual Highlights 2024

It’s that time of the year – the JetBrains Annual Highlights are here! For over two decades, JetBrains has been on a mission to make professional software development a more productive and enjoyable experience. From our humble beginnings back in 2000, we have grown into a global company that …

JetBrains
JetBrains
JetBrains Logo

JetBrains CEO Transition

We’re pleased to announce a new chapter at JetBrains: Kirill Skrygan takes on the role of CEO. As we embrace innovation in developer tooling, we remain committed to delivering excellence to our customers and partners and are excited to continue building the future of developer technology together.

JetBrains
JetBrains