JetBrains Security Bulletin Q4 2018
We resolved a series of security issues in our products in the fourth quarter of 2018. Here’s a summary report with a description of each issue and the version in which it was resolved.
| Product | Description | Severity | Fixed in |
|---|---|---|---|
| Hub, Upsource | Admin account takeover of a system authorized with Hub was possible (JPS-9594) | Critical | 2018.3.11035 |
| Hub, Upsource | XXE was possible (JPS-9616, UP-10218) | High | 2018.4.11067 |
| JetBrains Account | Disclosure of email address within unsuccessful login attempt (JPF-8663) | High | 4.11 |
| TeamCity | Reflected XSS on user-level pages (TW-58065, TW-58234) | High | 2018.2 |
| TeamCity | Stored XSS on the build details page (TW-58129, TW-58138) | High | 2018.2 |
| TeamCity | Exposure of sensitive parameter value to a privileged user was possible (TW-56946) | Moderate | 2018.1.3 |
| Upsource | A privileged user had access to user credentials in rare cases (UP-10092) | Moderate | 2018.2.1141 |
| | Unauthorized disclosure of YouTrack InCloud subscription information was possible (JPF-8714, JT-51001) | High | 2018.4.48293 |
| YouTrack | Unauthorized access to project and user details with guest user banned was possible (JT-50970, JT-49827, JT-50611, JT-50203) | High | 2018.3.47010 |
| YouTrack | Unauthorized access to the email address of YouTrack InCloud was possible (JT-50946) | High | 2018.4.48293 |
| YouTrack | Stored XSS on YouTrack issue page (JT-50201) | Low | 2018.3.47965 |
If you need any further assistance, please contact our Support Engineers.
Your JetBrains Team
The Drive to Develop