JetBrains Security Bulletin Q4 2018
We resolved a series of security issues in our products in the fourth quarter of 2018. Here’s a summary report with a description of each issue and the version in which it was resolved.
| Product | Description | Severity | Resolved in |
|---|---|---|---|
| Hub, Upsource | Admin account takeover of a system authorized with Hub was possible (JPS-9594) | Critical | 2018.3.11035 |
| Hub, Upsource | XXE was possible (JPS-9616, UP-10218) | High | 2018.4.11067 |
| JetBrains Account | Disclosure of email address within unsuccessful login attempt (JPF-8663) | High | 4.11 |
| TeamCity | Reflected XSS on user-level pages (TW-58065, TW-58234) | High | 2018.2 |
| TeamCity | Stored XSS on the build details page (TW-58129, TW-58138) | High | 2018.2 |
| TeamCity | Exposure of sensitive parameter value to a privileged user was possible (TW-56946) | Moderate | 2018.1.3 |
| Upsource | A privileged user had access to user credentials in rare cases (UP-10092) | Moderate | 2018.2.1141 |
| | Unauthorized disclosure of YouTrack InCloud subscription information was possible (JPF-8714, JT-51001) | High | 2018.4.48293 |
| YouTrack | Unauthorized access to project and user details with guest user banned was possible (JT-50970, JT-49827, JT-50611, JT-50203) | High | 2018.3.47010 |
| YouTrack | Unauthorized access to the email address of YouTrack InCloud was possible (JT-50946) | High | 2018.4.48293 |
| YouTrack | Stored XSS on YouTrack issue page (JT-50201) | Low | 2018.3.47965 |
If you need any further assistance, please contact our Support Engineers.
Your JetBrains Team