CVE-2022-24329: JetBrains Security Bulletin Q4 2021 | Company Blog

JetBrains Security

JetBrains Security Bulletin Q4 2021

In the fourth quarter of 2021, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved.

Product

Description

Severity

Resolved in

CVE/CWE

Datalore

Another user’s database could be attached (DL-9779)

High

Not applicable

Not applicable

Hub

JetBrains Account integration exposed API keys with excessive permissions. Reported by Yurii Sanin (HUB-10958)

High

2021.1.13890

CVE-2022-24327

Hub

An unprivileged user could perform a DoS. Reported by Yurii Sanin (HUB-10976)

High

2021.1.13956

CVE-2022-24328

IntelliJ IDEA

Code could be executed without the user’s permission on opening a project (IDEA-243002, IDEA-277306, IDEA-282396, IDEA-275917)

Medium

2021.2.4

CVE-2022-24345

IntelliJ IDEA

Potential LCE via RLO (Right-to-Left Override) characters (IDEA-284150)

Medium

2021.3.1

CVE-2022-24346

JetBrains Blog

Blind SQL injection. Reported by Khan Janny (BLOG-45)

Medium

Not applicable

Not applicable

Kotlin

No ability to lock dependencies for Kotlin Multiplatform Gradle projects. Reported by Carter Jernigan (KT-49449)

Medium

1.6.0

CVE-2022-24329

Kotlin websites

Clickjacking at kotlinlang.org (KTL-588)

Medium

Not applicable

Not applicable

Remote Development

Unexpected open port on backend server. Please refer to this blog post for additional details. Reported by Damian Gwiżdż (GTW-894)

High

Not 2021.3.1

CVE-2021-45977

Space

Missing permission check in an HTTP API response (SPACE-15991)

High

Not applicable

Not applicable

TeamCity

A redirect to an external site was possible (TW-71113)

Low

2021.2.1

CVE-2022-24330

TeamCity

Logout failed to remove the “Remember Me” cookie (TW-72969)

Low

2021.2

CVE-2022-24332

TeamCity

GitLab authentication impersonation. Reported by Christian Pedersen (TW-73375)

High

2021.1.4

CVE-2022-24331

TeamCity

The “Agent push” feature allowed any private key on the server to be selected (TW-73399)

Low

2021.2.1

CVE-2022-24334

TeamCity

Blind SSRF via an XML-RPC call. Reported by Artem Godin (TW-73465)

Medium

2021.2

CVE-2022-24333

TeamCity

Time-of-check/Time-of-use (TOCTOU) vulnerability in agent registration via XML-RPC. Reported by Artem Godin (TW-73468)

High

2021.2

CVE-2022-24335

TeamCity

An unauthenticated attacker could cancel running builds via an XML-RPC request to the TeamCity server. Reported by Artem Godin (TW-73469)

Medium

2021.2.1

CVE-2022-24336

TeamCity

Pull-requests’ health items were shown to users without appropriate permissions (TW-73516)

Low

2021.2

CVE-2022-24337

TeamCity

Stored XSS. Reported by Yurii Sanin (TW-73737)

Medium

2021.2.1

CVE-2022-24339

TeamCity

URL injection leading to CSRF. Reported by Yurii Sanin (TW-73859)

Medium

2021.2.1

CVE-2022-24342

TeamCity

Changing a password failed to terminate sessions of the edited user (TW-73888)

Low

2021.2.1

CVE-2022-24341

TeamCity

XXE during the parsing of a configuration file (TW-73932)

Medium

2021.2.1

CVE-2022-24340

TeamCity

Reflected XSS (TW-74043)

Medium

2021.2.1

CVE-2022-24338

TeamCity

Stored XSS on the Notification templates page (JT-65752))

Low

2021.4.31698

CVE-2022-24344

YouTrack

A custom logo could be set with read-only permissions (JT-66214)

Low

2021.4.31698

CVE-2022-24343

YouTrack

Stored XSS via project icon. Reported by Yurii Sanin (JT-67176)

Medium

2021.4.36872

CVE-2022-24347

If you need any further assistance, please contact our Security Team.

Subscribe to receive the bulletin in your mailbox.

Your JetBrains Team_
The Drive to Develop_

Subscribe to Blog updates