News
Security
JetBrains Security Bulletin Q4 2018
We have resolved a series of security issues in our products in the fourth quarter of 2018. Here’s a report summary with descriptions of each issue and the version in which they were resolved.
| Product | Description | Severity | Resolved in |
| Hub, Upsource | Admin account takeover of a system authorized with Hub was possible (JPS-9594) | Critical | 2018.3.11035 |
| Hub, Upsource | XXE was possible (JPS-9616, UP-10218 ) | High | 2018.4.11067 |
| JetBrains Account | Disclosure of email address within unsuccessful login attempt (JPF-8663) | High | 4.11 |
| TeamCity | Reflected XSS on user-level pages (TW-58065, TW-58234) | High | 2018.2 |
| TeamCity | Stored XSS on the build details page (TW-58129, TW-58138) | High | 2018.2 |
| TeamCity | Exposure of sensitive parameter value to a privileged user was possible (TW-56946) | Moderate | 2018.1.3 |
| Upsource | A privileged user had access to user credentials in rare case (UP-10092) | Moderate | 2018.2.1141 |
| YouTrack, JetBrains Account |
Unauthorized disclosure of YouTrack InCloud subscription information was possible (JPF-8714, JT-51001) | High | 2018.4.48293 |
| YouTrack | Unauthorized access to project and user details with guest user banned was possible (JT-50970, JT-49827, JT-50611, JT-50203) | High | 2018.3.47010 |
| YouTrack | Unauthorized access to the email address of YouTrack InCloud was possible (JT-50946) | High | 2018.4.48293 |
| YouTrack | Stored XSS on YouTrack issue page (JT-50201) | Low | 2018.3.47965 |
If you need any further assistance, please contact our Support Engineers.
Subscribe to receive the bulletin in your mailbox.
Your JetBrains Team
The Drive to Develop
Subscribe to JetBrains Blog updates
