CVE-2021-25758: JetBrains Security Bulletin Q4 2020 | JetBrains News

In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution.

JetBrains Security Bulletin Q4 2020

Robert Demmer

In the fourth quarter of 2020, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved.

| Product | Description | Severity | Resolved in | CVE/CWE |
|---|---|---|---|---|
| Code With Me | An attacker in the local network knowing the session ID could get access to the encrypted traffic. Reported by Grigorii Liullin (CWM-1067) | Low | 2020.3 | CVE-2021-25755 |
| Datalore | Server components versions were disclosed (DL-8327, DL-8335) | Low | Not applicable | CWE-200 |
| Exception Analyzer | Information disclosure via the Exception Analyzer (SDP-1248) | Low | Not applicable | CWE-200 |
| IntelliJ IDEA | HTTP links were used for several remote repositories (IDEA-228726) | Low | 2020.2 | CVE-2021-25756 |
| IntelliJ IDEA | Potentially insecure deserialization of the workspace model (IDEA-253582) | Low | 2020.3 | CVE-2021-25758 |
| JetBrains Account | Authorization token was sent as a query parameter within Zendesk integration (JPF-10508) | Low | 2020.11 | CWE-598 |
| JetBrains Account | Open-redirect was possible (JPF-10660) | Low | 2020.10 | CWE-601 |
| JetBrains Websites | Cross-origin resource sharing was possible. Reported by Ashhad Ali (SDP-1193) | Low | Not applicable | CWE-942 |
| JetBrains Websites | Throttling was not used for a particular endpoint. Reported by Ashhad Ali (SDP-1197) | Low | Not applicable | CWE-799 |
| JetBrains Websites | Clickjacking was possible. Reported by Ashhad Ali (SDP-1203) | Low | Not applicable | CWE-1021 |
| Hub | Open-redirect was possible. Reported by Mohammed Amine El Attar (JPS-10348) | Medium | 2020.1.12629 | CVE-2021-25757 |
| Hub | An authorized user could delete the 2FA settings of any other user (JPS-10410) | Medium | 2020.1.12629 | CVE-2021-25759 |
| Hub | Information disclosure via public API (JPS-10481) | Low | 2020.1.12669 | CVE-2021-25760 |
| Kotlin | A vulnerable Java API was used for creating temporary files and folders, which could make temporary files available for other users of a system. Reported by Jonathan Leitschuh (KT-42181) | Low | 1.4.21 | CVE-2020-29582 |
| Ktor | Birthday attack on SessionStorage key was possible. Reported by Kenta Koyama (KTOR-878) | Low | 1.5.0 | CVE-2021-25761 |
| Ktor | Weak cipher suites were enabled by default. Reported by Johannes Ulfkjær Jensen (KTOR-895) | Low | 1.4.2 | CVE-2021-25763 |
| Ktor | HTTP Request Smuggling was possible. Reported by ZeddYu Lu, Kaiwen Shen, and Yaru Yang (KTOR-1116) | Low | 1.4.3 | CVE-2021-25762 |
| PhpStorm | Source code could be added to debug logs (WI-54619) | Low | 2020.3 | CVE-2021-25764 |
| YouTrack | CSRF via attachment upload. Reported by Yurii Sanin (JT-58157) | Medium | 2020.4.4701 | CVE-2021-25765 |
| YouTrack | Users enumeration via the REST API without the appropriate permissions (JT-59396, JT-59498) | Low | 2020.4.4701 | CVE-2020-25208 |
| YouTrack | Improper resource access checks (JT-59397) | Low | 2020.4.4701 | CVE-2021-25766 |
| YouTrack | Issue’s existence disclosure via the YouTrack command execution (JT-59663) | Low | 2020.6.1767 | CVE-2021-25767 |
| YouTrack | Improper permissions checks for attachment actions (JT-59900) | Low | 2020.4.4701 | CVE-2021-25768 |
| YouTrack | YouTrack admin wasn’t able to access attachments (JT-60824) | Low | 2020.4.6808 | CVE-2021-25769 |
| YouTrack | Server-side template injection in YouTrack InCloud. Reported by Vasily Vasilkov (JT-61449) | High | 2020.5.3123 | CVE-2021-25770 |
| YouTrack | Project information disclosure (JT-61566) | Low | 2020.6.1099 | CVE-2021-25771 |
| Space | Potential information disclosure via logs (SPACE-9343, SPACE-10969) | Low | Not applicable | CWE-532 |
| Space | An attacker could obtain limited information via SSRF while testing the connection to a mirrored repository (SPACE-9514) | High | Not applicable | CWE-918 |
| Space | Content-Type header wasn’t set for some pages (SPACE-12004) | Low | Not applicable | CWE-531 |
| Space | A REST API endpoint was available without an appropriate permissions check, which could introduce a potential DOS vector (no real exploit available). (SPACE-12288) | Low | Not applicable | CWE-732 |
| TeamCity | Reflected XSS on several pages (TW-67424, TW-68098) | Medium | 2020.2 | CVE-2021-25773 |
| TeamCity | TeamCity server DoS was possible via server integration (TW-68406, TW-68780) | Low | 2020.2 | CVE-2021-25772 |
| TeamCity | ECR token exposure in the build’s parameters (TW-68515) | Medium | 2020.2 | CVE-2021-25776 |
| TeamCity | A user could get access to the GitHub access token of another user (TW-68646) | Low | 2020.2.1 | CVE-2021-25774 |
| TeamCity | Server admin could create and see access tokens for any other users (TW-68862) | Low | 2020.2.1 | CVE-2021-25775 |
| TeamCity | Improper permissions checks during user deletion (TW-68864) | Low | 2020.2.1 | CVE-2021-25778 |
| TeamCity | Improper permissions checks during tokens removal (TW-68871) | Low | 2020.2.1 | CVE-2021-25777 |
| TeamCity | TeamCity Plugin SSRF. Vulnerability that could potentially expose user credentials. Reported by Jonathan Leitschuh (TW-69068) | High | 2020.2.85695 | CVE-2020-35667 |

If you need any further assistance, please contact our Security Team.

Subscribe to receive the bulletin in your mailbox.

Your JetBrains Team
The Drive to Develop
