CVE-2021-25758: JetBrains Security Bulletin Q4 2020 | JetBrains News
In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution.
JetBrains Security Bulletin Q4 2020
In the fourth quarter of 2020, we resolved a number of security issues in our products. Below is a summary report with a description of each issue, its severity, the version in which it was resolved (or "Not applicable" for hosted services that are updated in place), and the assigned CVE or CWE identifier.
| Product | Description | Severity | Resolved in | CVE/CWE |
|---|---|---|---|---|
| Code With Me | An attacker on the local network who knew the session ID could gain access to the encrypted traffic. Reported by Grigorii Liullin (CWM-1067) | Low | 2020.3 | CVE-2021-25755 |
| Datalore | Server component versions were disclosed (DL-8327, DL-8335) | Low | Not applicable | CWE-200 |
| Exception Analyzer | Information disclosure via the Exception Analyzer (SDP-1248) | Low | Not applicable | CWE-200 |
| IntelliJ IDEA | HTTP links (rather than HTTPS) were used for several remote repositories (IDEA-228726) | Low | 2020.2 | CVE-2021-25756 |
| IntelliJ IDEA | Potentially insecure deserialization of the workspace model, which could lead to local code execution (IDEA-253582) | Low | 2020.3 | CVE-2021-25758 |
| JetBrains Account | An authorization token was sent as a query parameter in the Zendesk integration (JPF-10508) | Low | 2020.11 | CWE-598 |
| JetBrains Account | Open redirect was possible (JPF-10660) | Low | 2020.10 | CWE-601 |
| JetBrains Websites | Permissive cross-origin resource sharing was possible. Reported by Ashhad Ali (SDP-1193) | Low | Not applicable | CWE-942 |
| JetBrains Websites | Throttling (rate limiting) was not applied to a particular endpoint. Reported by Ashhad Ali (SDP-1197) | Low | Not applicable | CWE-799 |
| JetBrains Websites | Clickjacking was possible. Reported by Ashhad Ali (SDP-1203) | Low | Not applicable | CWE-1021 |
| Hub | Open redirect was possible. Reported by Mohammed Amine El Attar (JPS-10348) | Medium | 2020.1.12629 | CVE-2021-25757 |
| Hub | An authorized user could delete the 2FA settings of any other user (JPS-10410) | Medium | 2020.1.12629 | CVE-2021-25759 |
| Hub | Information disclosure via the public API (JPS-10481) | Low | 2020.1.12669 | CVE-2021-25760 |
| Kotlin | A vulnerable Java API was used for creating temporary files and folders, which could make temporary files available to other users of the system. Reported by Jonathan Leitschuh (KT-42181) | Low | 1.4.21 | CVE-2020-29582 |
| Ktor | A birthday attack on the SessionStorage key was possible. Reported by Kenta Koyama (KTOR-878) | Low | 1.5.0 | CVE-2021-25761 |
| Ktor | Weak cipher suites were enabled by default. Reported by Johannes Ulfkjær Jensen (KTOR-895) | Low | 1.4.2 | CVE-2021-25763 |
| Ktor | HTTP request smuggling was possible. Reported by ZeddYu Lu, Kaiwen Shen, and Yaru Yang (KTOR-1116) | Low | 1.4.3 | CVE-2021-25762 |
| PhpStorm | Source code could be written to debug logs (WI-54619) | Low | 2020.3 | CVE-2021-25764 |
| YouTrack | CSRF via attachment upload. Reported by Yurii Sanin (JT-58157) | Medium | 2020.4.4701 | CVE-2021-25765 |
| YouTrack | User enumeration via the REST API without the appropriate permissions (JT-59396, JT-59498) | Low | 2020.4.4701 | CVE-2020-25208 |
| YouTrack | Improper resource access checks (JT-59397) | Low | 2020.4.4701 | CVE-2021-25766 |
| YouTrack | Disclosure of an issue's existence via YouTrack command execution (JT-59663) | Low | 2020.6.1767 | CVE-2021-25767 |
| YouTrack | Improper permission checks for attachment actions (JT-59900) | Low | 2020.4.4701 | CVE-2021-25768 |
| YouTrack | A YouTrack admin was unable to access attachments (JT-60824) | Low | 2020.4.6808 | CVE-2021-25769 |
| YouTrack | Server-side template injection in YouTrack InCloud. Reported by Vasily Vasilkov (JT-61449) | High | 2020.5.3123 | CVE-2021-25770 |
| YouTrack | Project information disclosure (JT-61566) | Low | 2020.6.1099 | CVE-2021-25771 |
| Space | Potential information disclosure via logs (SPACE-9343, SPACE-10969) | Low | Not applicable | CWE-532 |
| Space | An attacker could obtain limited information via SSRF while testing the connection to a mirrored repository (SPACE-9514) | High | Not applicable | CWE-918 |
| Space | The Content-Type header was not set for some pages (SPACE-12004) | Low | Not applicable | CWE-531 |
| Space | A REST API endpoint was available without an appropriate permissions check, which could introduce a potential DoS vector (no practical exploit was found) (SPACE-12288) | Low | Not applicable | CWE-732 |
| TeamCity | Reflected XSS on several pages (TW-67424, TW-68098) | Medium | 2020.2 | CVE-2021-25773 |
| TeamCity | A TeamCity server DoS was possible via server integration (TW-68406, TW-68780) | Low | 2020.2 | CVE-2021-25772 |
| TeamCity | ECR token exposure in a build's parameters (TW-68515) | Medium | 2020.2 | CVE-2021-25776 |
| TeamCity | A user could gain access to the GitHub access token of another user (TW-68646) | Low | 2020.2.1 | CVE-2021-25774 |
| TeamCity | A server admin could create and view access tokens for any other user (TW-68862) | Low | 2020.2.1 | CVE-2021-25775 |
| TeamCity | Improper permission checks during user deletion (TW-68864) | Low | 2020.2.1 | CVE-2021-25778 |
| TeamCity | Improper permission checks during token removal (TW-68871) | Low | 2020.2.1 | CVE-2021-25777 |
| TeamCity | SSRF in a TeamCity plugin that could potentially expose user credentials. Reported by Jonathan Leitschuh (TW-69068) | High | 2020.2.85695 | CVE-2020-35667 |
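The Kotlin entry above (KT-42181, CVE-2020-29582) says only that a vulnerable Java API for temporary files and folders could leave them readable by other users of the system. The following Kotlin snippet is an added illustration of that class of bug, written for this page and not taken from the Kotlin standard library or from JetBrains. It contrasts the classic java.io.File pattern for building a temporary directory (create a unique temp file, delete it, mkdir under the same name) with java.nio.file.Files, which creates temporary directories and files with owner-only permissions on POSIX file systems. The function names createTempDirInsecure, createTempDirSecure, createTempFileSecure and isOwnerOnly are this example's own; the Files.getPosixFilePermissions calls require a POSIX file system and throw UnsupportedOperationException on Windows.

```kotlin
import java.io.File
import java.nio.file.Files
import java.nio.file.Path
import java.nio.file.attribute.PosixFilePermission
import java.nio.file.attribute.PosixFilePermissions

// Illustrative example (not JetBrains or Kotlin stdlib code): a temp directory
// built on java.io.File inherits the process umask, while java.nio.file.Files
// creates it owner-only (rwx------) on POSIX systems.

// The weak pattern: File.createTempFile() gives a unique *file* name, the file
// is deleted, and a directory is created under the same name. File.mkdir()
// applies the process umask (commonly 022), so the directory is readable and
// searchable by every other local user. There is also a window between
// delete() and mkdir() in which another user can claim the same path.
fun createTempDirInsecure(prefix: String = "tmp"): File {
    val f = File.createTempFile(prefix, "")          // prefix must be >= 3 chars
    check(f.delete()) { "could not remove placeholder file ${f.path}" }
    check(f.mkdir()) { "could not create directory ${f.path}" }
    return f
}

// The hardened form: Files.createTempDirectory() creates the directory in one
// step with mode 0700 on POSIX file systems, so other users cannot list or
// enter it and there is no delete/recreate race to win.
fun createTempDirSecure(prefix: String = "tmp"): Path =
    Files.createTempDirectory(prefix)

// Same distinction for files: File.createTempFile() honours the umask, while
// Files.createTempFile() creates the file with mode 0600.
fun createTempFileSecure(prefix: String = "tmp"): Path =
    Files.createTempFile(prefix, ".dat")

// True when no group or "other" permission bits are set on the path.
fun isOwnerOnly(p: Path): Boolean {
    val ownerBits = setOf(
        PosixFilePermission.OWNER_READ,
        PosixFilePermission.OWNER_WRITE,
        PosixFilePermission.OWNER_EXECUTE,
    )
    return Files.getPosixFilePermissions(p).all { it in ownerBits }
}

private fun modeOf(p: Path): String =
    PosixFilePermissions.toString(Files.getPosixFilePermissions(p))

fun main() {
    val insecure = createTempDirInsecure().toPath()
    val secure = createTempDirSecure()
    val secureFile = createTempFileSecure()
    try {
        println("File.mkdir()                -> ${modeOf(insecure)}  ownerOnly=${isOwnerOnly(insecure)}")
        println("Files.createTempDirectory() -> ${modeOf(secure)}  ownerOnly=${isOwnerOnly(secure)}")
        println("Files.createTempFile()      -> ${modeOf(secureFile)}  ownerOnly=${isOwnerOnly(secureFile)}")
    } finally {
        // Clean up so the demo does not itself leave artefacts in /tmp.
        Files.deleteIfExists(insecure)
        Files.deleteIfExists(secure)
        Files.deleteIfExists(secureFile)
    }
}
```

Run it on a Linux or macOS host with a typical umask of 022: the directory from the File-based path comes out with group and other read/execute bits set (because mkdir only subtracts the umask from 0777), whereas the two Files-based paths report owner-only permissions. The practical rule for reviewing a code base is to grep for File.createTempFile and any mkdir-after-delete sequence and replace them with Files.createTempDirectory / Files.createTempFile, which is also the direction the Kotlin 1.4.21 fix took by deprecating the File-based helpers.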
If you need any further assistance, please contact our Security Team.
Your JetBrains Team
The Drive to Develop