JetBrains Security Bulletin Q3 2018

We resolved a series of security issues in our products in the third quarter of 2018. Here’s a summary report that describes each issue and the version in which it was resolved.

| Product | Description | Severity | Resolved in |
|---|---|---|---|
| dotPeek, ReSharper | Remote Code Execution was possible while operating specific files (DOTP-7635) | High | 2018.1.4 |
| Hub | Hub stored license information in log files (JPS-9187) | Low | 2018.2.10527 |
| IntelliJ IDEA | Insecure connection used to access JetBrains resources (IDEA-187601, IDEA-192440) | Moderate | 2018.1.5 |
| IntelliJ IDEA, Rider | Incorrect handling of user input in ZIP extraction (IDEA-191679, IDEA-191680, IDEA-193358) | High | 2018.2 |
| JetBrains Account | A few customer profiles were made available without authorization (JPF-8211) | Moderate | N/A |
| JetBrains Account | It was possible to obtain customer business email from order reference (JPF-7903) | Moderate | N/A |
| Plugin Marketplace | XXE vulnerability (MP-1708) | Low | N/A |
| Plugin Marketplace | Incorrect handling of user input in ZIP extraction (MP-1678) | Moderate | N/A |
| ReSharper | Incorrect handling of user input in ZIP extraction (RSRP-470115) | High | 2018.1.3 |
| TeamCity | CSRF Vulnerability (RSRP-470115) | Moderate | 2018.1.1 |
| TeamCity | Change of project settings can corrupt settings of other projects (TW-55704) | Low | 2018.1.1 |
| TeamCity | Possible privilege escalation while viewing agent details (TW-56025) | Moderate | 2018.1.1 |
| TeamCity | Possible unvalidated redirect (TW-56085) | Moderate | 2018.1.2 |
| TeamCity | Reflected XSS vulnerabilities (TW-56490, TW-56375, TW-56374) | Moderate | 2018.1.2 |
| TeamCity | Stored XSS vulnerabilities (TW-56830, TW-56719) | Moderate | 2018.1.3 |
| TeamCity | Stored XSS vulnerabilities (TW-55214, TW-56126, TW-56127, TW-56452, TW-56571) | Moderate | 2018.1.2 |
| YouTrack | Reflected XSS vulnerability (JT-48606) | Moderate | 2018.2.45073 |
| YouTrack | Possible privilege escalation via deprecated REST API (JT-48605) | Low | 2018.2.45073 |
| YouTrack | Possible tabnabbing via issue content (JT-47993) | Low | 2018.2.44329 |

If you need any further assistance, please contact our Support Engineers.

Subscribe to receive the bulletin in your mailbox.

Your JetBrains Team
The Drive to Develop
