JetBrains Security Bulletin Q1 2021
JetBrains News | Security

CVE-2021-30005 (headline entry): In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS.
In the first quarter of 2021, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved.
| Product | Description | Severity | Resolved in | CVE/CWE |
| --- | --- | --- | --- | --- |
| Code With Me | A client could execute code in read-only mode (CWM-1235) | Medium | 2021.1 of compatible IDEs | CVE-2021-31899 |
| Code With Me | A client could open a browser on the host (CWM-1769) | Low | 2021.1 of compatible IDEs | CVE-2021-31900 |
| Exception Analyzer | No throttling on the Exception Analyzer login page. Reported by Ashhad Ali (EXA-760) | Low | Not applicable | Not applicable |
| IntelliJ IDEA | XXE in License server functionality. Reported by Reef Spektor (IDEA-260143) | High | 2020.3.3 | CVE-2021-30006 |
| IntelliJ IDEA | Code execution without user confirmation was possible for untrusted projects (IDEA-260911, IDEA-260912, IDEA-260913, IDEA-261846, IDEA-261851, IDEA-262917, IDEA-263981, IDEA-264782) | Medium | 2020.3.3 | CVE-2021-29263 |
| IntelliJ IDEA | Possible DoS. Reported by Arun Malik (IDEA-261832) | Medium | 2021.1 | CVE-2021-30504 |
| JetBrains Academy | Potential takeover of a future account with a known email address. Reported by Vansh Devgan (JBA-110) | Low | Not applicable | Not applicable |
| JetBrains Account | Sensitive account URLs were shared with third parties. Reported by Vikram Naidu (JPF-11338) | High | 2021.02 | Not applicable |
| JetBrains Websites | Reflected XSS at blog.jetbrains.com. Reported by Peter Af Geijerstam and Jai Kumar (JS-14554, JS-14562) | Low | Not applicable | Not applicable |
| Hub | Two-factor authentication wasn't enabled properly for the "All Users" group (JPS-10694) | Low | 2021.1.13079 | CVE-2021-31901 |
| YouTrack | Stored XSS via attached file. Reported by Mikhail Klyuchnikov (JT-62530) | Medium | 2020.6.6441 | CVE-2021-27733 |
| YouTrack | Pull request title was insufficiently sanitized (JT-62556) | Medium | 2021.1.9819 | CVE-2021-31903 |
| YouTrack | Improper access control while exporting issues (JT-62649) | High | 2020.6.6600 | CVE-2021-31902 |
| YouTrack | Information disclosure in issue preview. Reported by Philip Wedemann (JT-62919) | High | 2020.6.8801 | CVE-2021-31905 |
| PyCharm | Code execution without user confirmation was possible for untrusted projects. Reported by Tony Torralba (PY-41524) | Medium | 2020.3.4 | CVE-2021-30005 |
| Space | Insufficient CRLF sanitization in user input (SPACE-13955) | Low | Not applicable | Not applicable |
| TeamCity Cloud | Potential information disclosure via EC2 instance metadata (TCC-174, TCC-176) | Low | Not applicable | Not applicable |
| TeamCity Cloud | Temporary credentials disclosure via command injection. Reported by Chris Moore (TCC-196) | Major | Not applicable | Not applicable |
| TeamCity | Potential XSS on the test history page (TW-67710) | Medium | 2020.2.2 | CVE-2021-31904 |
| TeamCity | TeamCity IntelliJ Plugin DoS. Reported by Jonathan Leitschuh (TW-69070) | Low | 2020.2.2 | CVE-2021-26310 |
| TeamCity | Local information disclosure via a temporary file in the TeamCity IntelliJ Plugin. Reported by Jonathan Leitschuh (TW-69420) | Low | 2020.2.2 | CVE-2021-26309 |
| TeamCity | Insufficient audit when an administrator uploads a file (TW-69511) | Low | 2020.2.2 | CVE-2021-31906 |
| TeamCity | Improper permission checks for changing TeamCity plugins (TW-69521) | Low | 2020.2.2 | CVE-2021-31907 |
| TeamCity | Potential XSS on the test page. Reported by Stephen Patches (TW-69737) | Low | 2020.2.2 | CVE-2021-3315 |
| TeamCity | Argument injection leading to RCE (TW-70054) | High | 2020.2.3 | CVE-2021-31909 |
| TeamCity | Stored XSS on several pages (TW-70078, TW-70348) | Medium | 2020.2.3 | CVE-2021-31908 |
| TeamCity | Information disclosure via SSRF (TW-70079) | High | 2020.2.3 | CVE-2021-31910 |
| TeamCity | Reflected XSS on several pages (TW-70093, TW-70094, TW-70095, TW-70096, TW-70137) | Medium | 2020.2.3 | CVE-2021-31911 |
| TeamCity | Potential account takeover during password reset (TW-70303) | Medium | 2020.2.3 | CVE-2021-31912 |
| TeamCity | Insufficient checks of the redirect_uri during GitHub SSO token exchange (TW-70358) | Low | 2020.2.3 | CVE-2021-31913 |
| TeamCity | Arbitrary code execution on TeamCity Server running on Windows. Reported by Chris Moore (TW-70512) | High | 2020.2.4 | CVE-2021-31914 |
| TeamCity | Command injection leading to RCE. Reported by Chris Moore (TW-70541) | High | 2020.2.4 | CVE-2021-31915 |
| Upsource | Application passwords were not revoked correctly. Reported by Thibaut Zonca (UP-10843) | High | 2020.1.1883 | CVE-2021-30482 |
| WebStorm | HTTP requests were used instead of HTTPS (WEB-49549) | Low | 2021.1 | CVE-2021-31898 |
| WebStorm | Code execution without user confirmation was possible for untrusted projects (WEB-49689, WEB-49902) | Low | 2021.1 | CVE-2021-31897 |
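Four entries in this bulletin (the IntelliJ IDEA group IDEA-260911 and related, PY-41524, WEB-49689/WEB-49902, and the CVE-2021-30005 description at the top) are one class of issue: an IDE opening a project it had just fetched from VCS ran project-defined code before the user had said the project was trusted. The sketch below is an added example of the gating logic and is not JetBrains' code; the trusted-root configuration, the persisted trust set and the helper names are assumptions. It makes two points: a project that has just been obtained from VCS starts out untrusted and opens in a mode where nothing from the project executes, and "is this directory inside a trusted root" has to be decided on canonical paths, because a string-prefix test accepts a sibling directory such as /opt/trusted-evil and a symlink planted inside a trusted root that points elsewhere.

```python
import os
import tempfile
from enum import Enum


class OpenMode(Enum):
    FULL = "full"  # project-defined build scripts and tasks may run on open
    SAFE = "safe"  # browse and edit only; nothing from the project is executed


def _canonical(path):
    """Absolute path with '..' collapsed and symlinks resolved."""
    return os.path.realpath(os.path.abspath(path))


def is_under_trusted_root(project_dir, trusted_roots):
    """True only if the canonical project directory lies inside one of the
    canonical trusted roots. commonpath compares whole path components, so
    /opt/trusted-evil is not 'inside' /opt/trusted, whereas a string-prefix
    test (path.startswith(root)) would say it is."""
    project = _canonical(project_dir)
    for root in trusted_roots:
        root = _canonical(root)
        try:
            if os.path.commonpath([project, root]) == root:
                return True
        except ValueError:  # paths on different drives (Windows)
            continue
    return False


def decide_open_mode(project_dir, trusted_roots, trusted_projects, user_confirmed=False):
    """Decide how to open a project and say why.

    trusted_projects is the (assumed) persisted set of projects the user has
    explicitly trusted before. A project that has just been fetched from VCS
    has no such record, so without an explicit confirmation it opens SAFE."""
    project = _canonical(project_dir)
    if project in {_canonical(p) for p in trusted_projects}:
        return OpenMode.FULL, "trusted earlier by the user"
    if is_under_trusted_root(project, trusted_roots):
        return OpenMode.FULL, "inside a trusted root directory"
    if user_confirmed:
        trusted_projects.add(project)  # remember the decision for next time
        return OpenMode.FULL, "trusted now by the user"
    return OpenMode.SAFE, "untrusted project: project code is not executed"


def symlink_demo():
    """Constructed scenario: a symlink placed inside a trusted root that
    points to a directory outside it. Because _canonical resolves the link,
    the target does not inherit the root's trust."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted_root = os.path.join(tmp, "trusted")
        outside = os.path.join(tmp, "outside", "proj")
        os.makedirs(trusted_root)
        os.makedirs(outside)
        link = os.path.join(trusted_root, "proj")
        os.symlink(outside, link)
        mode, _ = decide_open_mode(link, [trusted_root], set())
    return mode


if __name__ == "__main__":
    for path in ("/opt/trusted/proj", "/opt/trusted-evil/proj", "/opt/trusted/../secret/proj"):
        print(path, decide_open_mode(path, ["/opt/trusted"], set()))
    print("symlink inside trusted root ->", symlink_demo())
```

The explicit-confirmation branch is the user-facing part of the fix described in the table: in SAFE mode the IDE still opens the files, it just does not evaluate build scripts or run configurations until the user opts in, and that decision is recorded per canonical path so a later open of the same checkout does not ask again.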
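TW-70358 in the table concerns the check on redirect_uri during an OAuth token exchange. The added example below is not TeamCity's code and uses a constructed allowlist; it sets a string-prefix check beside exact matching of a normalized URI, the rule OAuth 2.0 (RFC 6749, section 3.1.2) gives for registered redirect URIs, and shows the inputs that get past the prefix check: a look-alike host, a userinfo segment, and a query string appended to the registered URI.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed allowlist for this example: the exact redirect URIs an
# (assumed) server has registered with its identity provider.
REGISTERED_REDIRECT_URIS = frozenset({
    "https://teamcity.example.com/oauth/github/callback",
})


def weak_check(candidate, prefix="https://teamcity.example.com"):
    """The bypassable version, written here for contrast (an assumption,
    not TeamCity's actual code): a string-prefix test on the raw value."""
    return candidate.startswith(prefix)


def normalize_redirect_uri(candidate):
    """Return a canonical form of candidate, or None if it is not a plain
    https URI. Rejects userinfo and fragments outright; lower-cases the host
    and drops the default port; keeps path and query verbatim so that the
    final comparison stays exact."""
    try:
        p = urlsplit(candidate)
        port = p.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if p.scheme != "https":  # urlsplit already lower-cases the scheme
        return None
    if p.username is not None or p.password is not None:
        return None  # e.g. https://teamcity.example.com@evil.com/...
    if p.fragment:
        return None  # a fragment is never part of a redirect target
    host = (p.hostname or "").lower()
    if not host:
        return None
    netloc = host if port in (None, 443) else f"{host}:{port}"
    return urlunsplit(("https", netloc, p.path or "/", p.query, ""))


def is_allowed_redirect_uri(candidate, registered=REGISTERED_REDIRECT_URIS):
    """Exact match of the normalized candidate against the normalized
    registered set. Anything that does not normalize is rejected."""
    normalized = normalize_redirect_uri(candidate)
    allowed = {normalize_redirect_uri(r) for r in registered} - {None}
    return normalized is not None and normalized in allowed


if __name__ == "__main__":
    for uri in (
        "https://teamcity.example.com/oauth/github/callback",
        "https://teamcity.example.com.evil.com/oauth/github/callback",
        "https://teamcity.example.com@evil.com/oauth/github/callback",
        "https://teamcity.example.com/oauth/github/callback?next=https://evil.com",
    ):
        print(f"{uri}\n  prefix check: {weak_check(uri)}  exact match: {is_allowed_redirect_uri(uri)}")
```

Exact matching closes the redirect target; it does not by itself bind the callback to the browser session that started the login, which is what the state parameter is for, and a server that accepts the code has to check both.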
If you need any further assistance, please contact our Security Team.
Subscribe to receive the bulletin in your mailbox.
Your JetBrains Team
The Drive to Develop