JetBrains Security Bulletin Q4 2019

In the fourth quarter of 2019, we resolved a series of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved.

| Product | Description | Severity | Resolved in | CVE/CWE |
|---|---|---|---|---|
| IDETalk plugin | XXE in IDETalk plugin. (IDEA-220136, reported by Srikanth Ramu) | Moderate | 193.4099.10 | CVE-2019-18412 |
| IntelliJ IDEA | Some Maven repositories are accessed via HTTP instead of HTTPS. (IDEA-216282) | High | 2019.3 | CVE-2020-7904 |
| IntelliJ IDEA | Ports listened on by IntelliJ IDEA are exposed to the network. (IDEA-219695) | Low | 2019.3 | CVE-2020-7905 |
| IntelliJ IDEA | XSLT debugger plugin misconfiguration allows arbitrary file read over the network. (IDEA-216621, reported by Anatoly Korniltsev) | Moderate | 2019.3 | CVE-2020-7914 |
| JetBrains Account | Profile names are exposed by email. (JPF-9219, reported by Timon Birk) | Low | 2019.11 | CWE-200 |
| JetBrains Account | Missing Secure flag on a cookie. (JPF-9857) | Low | 2019.11 | CWE-614 |
| JetBrains Account | Insufficient authentication on contact view. (JPF-10024) | High | 2019.11 | CWE-287 |
| JetBrains Account | Insufficient authentication on role update. (JPF-10025) | High | 2019.11 | CWE-287 |
| JetBrains Account | XSS on the spending report page. (JPF-10027) | Moderate | 2019.12 | CWE-79 |
| JetBrains Account | Open redirect during re-acceptance of license agreements. (JPF-10028) | Low | 2019.11 | CWE-601 |
| JetBrains Account | Information exposure during processing of license requests. (JPF-10111) | High | 2019.12 | CWE-200 |
| JetBrains Website | Cookie-based XSS at jetbrains.com. (JS-10969) | High | Not applicable | CWE-79 |
| Kotlin Ktor | The Ktor framework is vulnerable to HTTP Response Splitting. (Reported by Jonathan Leitschuh) | High | 1.2.6 | CVE-2019-19389 |
| Kotlin Ktor | The Ktor client resends authorization data to a redirect location. (Reported by Jonathan Leitschuh) | Low | 1.2.6 | CVE-2019-19703 |
| Kotlin Ktor | Request smuggling is possible when both chunked Transfer-Encoding and Content-Length are specified. (Reported by Jonathan Leitschuh) | Low | 1.3.0 | CVE-2020-5207 |
| Plugin Marketplace | XSS on several pages. (MP-2617, MP-2640, MP-2642) | Low | Not applicable | CWE-79 |
| Plugin Marketplace | Improper access control during plugin upload. (MP-2695) | Critical | Not applicable | CWE-284 |
| Rider | Unsigned binaries in the Windows installer. (RIDER-30393) | Moderate | 2019.3 | CVE-2020-7906 |
| Scala plugin | Artifact dependencies were resolved over unencrypted connections. (SCL-15063) | High | 2019.2.1 | CVE-2020-7907 |
| TeamCity | Reverse tabnabbing is possible on several pages. (TW-61710, TW-61726, TW-61727) | Low | 2019.1.5 | CVE-2020-7908 |
| TeamCity | Some server-stored passwords can be shown via the web UI. (TW-62674) | High | 2019.1.5 | CVE-2020-7909 |
| TeamCity | Possible stored XSS by a user with the developer role. (TW-63298) | Moderate | 2019.2 | CVE-2020-7910 |
| TeamCity | Stored XSS on user-level pages. (TW-63160) | High | 2019.2 | CVE-2020-7911 |
| YouTrack | CORS misconfiguration on youtrack.jetbrains.com. (JT-53675) | Moderate | Not applicable | CWE-346 |
| YouTrack | SMTP/Jabber settings can be accessed via backups. (JT-54139) | Moderate | 2019.2.59309 | CVE-2020-7912 |
| YouTrack | XSS via image upload at youtrack-workflow-converter.jetbrains.com. (JT-54589) | Low | Not applicable | CWE-80 |
| YouTrack | XSS via issue description. (JT-54719) | High | 2019.2.59309 | CVE-2020-7913 |

If you need any further assistance, please contact our Security Team.

Subscribe to receive the bulletin in your mailbox.

Your JetBrains Team
The Drive to Develop
