
JetBrains Security Bulletin Q1 2021

In the first quarter of 2021, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved.

| Product | Description | Severity | Resolved in | CVE/CWE |
|---|---|---|---|---|
| Code With Me | A client could execute code in read-only mode (CWM-1235) | Medium | Compatible IDEs 2021.1 version | CVE-2021-31899 |
| Code With Me | A client could open a browser on the host (CWM-1769) | Low | Compatible IDEs 2021.1 version | CVE-2021-31900 |
| Exception Analyzer | No throttling on the Exception Analyzer login page. Reported by Ashhad Ali (EXA-760) | Low | Not applicable | Not applicable |
| IntelliJ IDEA | XXE in License server functionality. Reported by Reef Spektor (IDEA-260143) | High | 2020.3.3 | CVE-2021-30006 |
| IntelliJ IDEA | Code execution without user confirmation was possible for untrusted projects (IDEA-260911, IDEA-260912, IDEA-260913, IDEA-261846, IDEA-261851, IDEA-262917, IDEA-263981, IDEA-264782) | Medium | 2020.3.3 | CVE-2021-29263 |
| IntelliJ IDEA | Possible DoS. Reported by Arun Malik (IDEA-261832) | Medium | 2021.1 | CVE-2021-30504 |
| JetBrains Academy | Potential takeover of a future account with a known email address. Reported by Vansh Devgan (JBA-110) | Low | Not applicable | Not applicable |
| JetBrains Account | Sensitive account URLs were shared with third parties. Reported by Vikram Naidu (JPF-11338) | High | 2021.02 | Not applicable |
| JetBrains Websites | Reflected XSS at blog.jetbrains.com. Reported by Peter Af Geijerstam and Jai Kumar (JS-14554, JS-14562) | Low | Not applicable | Not applicable |
| Hub | Two-factor authentication wasn’t enabled properly for the “All Users” group (JPS-10694) | Low | 2021.1.13079 | CVE-2021-31901 |
| YouTrack | Stored XSS via attached file. Reported by Mikhail Klyuchnikov (JT-62530) | Medium | 2020.6.6441 | CVE-2021-27733 |
| YouTrack | Pull request title was insufficiently sanitized (JT-62556) | Medium | 2021.1.9819 | CVE-2021-31903 |
| YouTrack | Improper access control while exporting issues (JT-62649) | High | 2020.6.6600 | CVE-2021-31902 |
| YouTrack | Information disclosure in issue preview. Reported by Philip Wedemann (JT-62919) | High | 2020.6.8801 | CVE-2021-31905 |
| PyCharm | Code execution without user confirmation was possible for untrusted projects. Reported by Tony Torralba (PY-41524) | Medium | 2020.3.4 | CVE-2021-30005 |
| Space | Insufficient CRLF sanitization in user input (SPACE-13955) | Low | Not applicable | Not applicable |
| TeamCity Cloud | Potential information disclosure via EC2 instance metadata (TCC-174, TCC-176) | Low | Not applicable | Not applicable |
| TeamCity Cloud | Temporary credentials disclosure via command injection. Reported by Chris Moore (TCC-196) | Major | Not applicable | Not applicable |
| TeamCity | Potential XSS on the test history page (TW-67710) | Medium | 2020.2.2 | CVE-2021-31904 |
| TeamCity | TeamCity IntelliJ Plugin DoS. Reported by Jonathan Leitschuh (TW-69070) | Low | 2020.2.2 | CVE-2021-26310 |
| TeamCity | Local information disclosure via a temporary file in the TeamCity IntelliJ Plugin. Reported by Jonathan Leitschuh (TW-69420) | Low | 2020.2.2 | CVE-2021-26309 |
| YouTrack | Insufficient audit when an administrator uploads a file (TW-69511) | Low | 2020.2.2 | CVE-2021-31906 |
| TeamCity | Improper permission checks for changing TeamCity plugins (TW-69521) | Low | 2020.2.2 | CVE-2021-31907 |
| TeamCity | Potential XSS on the test page. Reported by Stephen Patches (TW-69737) | Low | 2020.2.2 | CVE-2021-3315 |
| TeamCity | Argument injection leading to RCE (TW-70054) | High | 2020.2.3 | CVE-2021-31909 |
| TeamCity | Stored XSS on several pages (TW-70078, TW-70348) | Medium | 2020.2.3 | CVE-2021-31908 |
| TeamCity | Information disclosure via SSRF (TW-70079) | High | 2020.2.3 | CVE-2021-31910 |
| TeamCity | Reflected XSS on several pages (TW-70093, TW-70094, TW-70095, TW-70096, TW-70137) | Medium | 2020.2.3 | CVE-2021-31911 |
| TeamCity | Potential account takeover during password reset (TW-70303) | Medium | 2020.2.3 | CVE-2021-31912 |
| TeamCity | Insufficient checks of the redirect_uri during GitHub SSO token exchange (TW-70358) | Low | 2020.2.3 | CVE-2021-31913 |
| TeamCity | Arbitrary code execution on TeamCity Server running on Windows. Reported by Chris Moore (TW-70512) | High | 2020.2.4 | CVE-2021-31914 |
| TeamCity | Command injection leading to RCE. Reported by Chris Moore (TW-70541) | High | 2020.2.4 | CVE-2021-31915 |
| Upsource | Application passwords were not revoked correctly. Reported by Thibaut Zonca (UP-10843) | High | 2020.1.1883 | CVE-2021-30482 |
| WebStorm | HTTP requests were used instead of HTTPS (WEB-49549) | Low | 2021.1 | CVE-2021-31898 |
| WebStorm | Code execution without user confirmation was possible for untrusted projects (WEB-49689, WEB-49902) | Low | 2021.1 | CVE-2021-31897 |

If you need any further assistance, please contact our Security Team.

Your JetBrains Team
The Drive to Develop