CVE-2020-15824: JetBrains Security Bulletin Q2 2020

In JetBrains Kotlin from 1.4-M1 to 1.4-RC (Kotlin 1.3.7x is not affected; the fixed version is 1.4.0) there is a script-cache privilege-escalation vulnerability: kotlin-main-kts cached compiled scripts in the system temp directory, which is shared by all users by default, so another local user could tamper with the cached scripts that a victim's run would pick up.
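The hazard the description names, a compiled-script cache kept under a directory every local user can write to, as an added example that is not Kotlin's or JetBrains' code: a stand-in cache keyed by the script's hash, the entry another local user can plant against the shared layout, and a loader that only trusts entries in a directory it owns and nobody else can write to. The cache layout, file names and the "compile" step are assumptions for illustration, not kotlin-main-kts's real on-disk format; it assumes a POSIX filesystem.

```python
"""Shared-temp script cache: the poisoning hazard beside a hardened loader."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path

# Assumed layout (not Kotlin's real format): <root>/<sha256 of source>.bin


def cache_key(script_source: str) -> str:
    return hashlib.sha256(script_source.encode("utf-8")).hexdigest()


def compile_script(script_source: str) -> bytes:
    # Stand-in for real compilation: the artifact is a tagged copy of the source.
    return b"COMPILED:" + script_source.encode("utf-8")


def _owned_and_private(path: Path) -> bool:
    """True if `path` is not a symlink, is owned by us, and is not group/world-writable."""
    st = os.lstat(path)                      # lstat: never follow a planted symlink
    if stat.S_ISLNK(st.st_mode):
        return False
    if st.st_uid != os.getuid():             # created by another local user
        return False
    return not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


class ScriptCache:
    """hardened=False trusts any entry found under `root` (the vulnerable pattern).
    hardened=True only trusts entries no other local user could have written."""

    def __init__(self, root: Path, hardened: bool):
        self.root = Path(root)
        self.hardened = hardened

    def _path(self, script_source: str) -> Path:
        return self.root / (cache_key(script_source) + ".bin")

    def lookup(self, script_source: str):
        path = self._path(script_source)
        if not path.exists():
            return None
        if self.hardened and not (_owned_and_private(self.root) and _owned_and_private(path)):
            return None                      # ignore anything that could have been planted
        return path.read_bytes()

    def store(self, script_source: str, artifact: bytes) -> bool:
        if self.hardened:
            if not self.root.exists():
                self.root.mkdir(parents=True)
                os.chmod(self.root, 0o700)
            if not _owned_and_private(self.root):
                return False                 # never write into a directory others control
        else:
            self.root.mkdir(parents=True, exist_ok=True)
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
        fd = os.open(self._path(script_source), flags, 0o600 if self.hardened else 0o644)
        with os.fdopen(fd, "wb") as f:
            f.write(artifact)
        return True


def run_script(cache: ScriptCache, script_source: str) -> bytes:
    """Cache hit -> run the cached artifact; miss -> compile, cache, run."""
    artifact = cache.lookup(script_source)
    if artifact is None:
        artifact = compile_script(script_source)
        cache.store(script_source, artifact)
    return artifact                          # "running" = returning what would execute


def plant_poisoned_entry(shared_root: Path, victim_script: str, payload: bytes) -> None:
    """Another local user pre-creates the shared cache dir (/tmp-like: 1777) and
    drops an entry under the key the victim's script will hash to."""
    shared_root.mkdir(parents=True, exist_ok=True)
    os.chmod(shared_root, 0o1777)
    entry = shared_root / (cache_key(victim_script) + ".bin")
    entry.write_bytes(payload)
    os.chmod(entry, 0o666)


def demo_cache() -> dict:
    victim_script = 'println("hello from build.main.kts")'   # constructed sample script
    payload = b"COMPILED:attacker code"                        # constructed poisoned artifact
    with tempfile.TemporaryDirectory() as tmp:
        shared = Path(tmp) / "shared-tmp" / "main.kts.compiled.cache"
        plant_poisoned_entry(shared, victim_script, payload)
        # 1. Shared layout, trusting loader: the victim runs the attacker's artifact.
        vulnerable = run_script(ScriptCache(shared, hardened=False), victim_script)
        # 2. Hardened loader pointed at the same shared dir: entry ignored, recompiled, nothing cached there.
        hardened_shared = run_script(ScriptCache(shared, hardened=True), victim_script)
        # 3. Hardened loader with a per-user private root: caching still works.
        private = ScriptCache(Path(tmp) / "home" / ".cache" / "main.kts.compiled.cache", hardened=True)
        run_script(private, victim_script)
        private_hit = private.lookup(victim_script) is not None
    return {"vulnerable_shared": vulnerable, "hardened_shared": hardened_shared,
            "hardened_private_hit": private_hit}


if __name__ == "__main__":
    print(demo_cache())
```

The ownership and mode checks are what make the per-user root meaningful: a sticky-bit temp directory stops other users deleting your entries but not pre-creating the key you are about to read, so the only safe cache is one whose directory and files you own and nobody else can write.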

JetBrains Security Bulletin Q2 2020

Robert Demmer

In the second quarter of 2020, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved.

| Product | Description | Severity | Resolved in | CVE/CWE |
|---|---|---|---|---|
| Datalore | Stack trace disclosure. (DL-7350) | Low | Not applicable | CWE-536 |
| Datalore | Reverse tabnabbing was possible. (DL-7708) | Low | Not applicable | CWE-1022 |
| JetBrains Account | Throttling for reset password functionality was missing if 2FA was enabled. Reported by Manu Pranav. (JPF-10527) | Medium | 2020.06 | CWE-799 |
| JetBrains Website | Stack trace disclosure in case of an incorrect character in request. (JS-12490) | Low | Not applicable | CWE-536 |
| JetBrains Website | Reflected XSS on jetbrains.com subdomain. Reported by Ritik Chaddha. (JS-12562) | Low | Not applicable | CWE-79 |
| JetBrains Website | Open-redirect issues on kotlinconf.com. Reported by Ritik Chaddha. (JS-12581) | Low | Not applicable | CWE-601 |
| JetBrains Website | Clickjacking was possible on a non-existent page. Reported by Pravas Ranjan Kanungo. (JS-12835) | Low | Not applicable | CWE-1021 |
| YouTrack | Subtasks workflow could disclose the existence of an issue. (JT-45316) | Low | 2020.2.8527 | CVE-2020-15818 |
| YouTrack | An external user could execute commands against arbitrary issues. (JT-56848) | High | 2020.1.1331 | CVE-2020-15817 |
| YouTrack | SSRF vulnerability that allowed scanning internal ports. Reported by Evren Yalçın. (JT-56917) | Low | 2020.2.10643 | CVE-2020-15819 |
| YouTrack | It was possible to change a redirect from any existing YouTrack InCloud instance to another instance. (JT-57036) | Medium | 2020.1.3588 | CWE-601 |
| YouTrack | The markdown parser could disclose the existence of a hidden file. (JT-57235) | Low | 2020.2.6881 | CVE-2020-15820 |
| YouTrack | A user without the appropriate permissions could create an article draft. (JT-57649) | Medium | 2020.2.6881 | CVE-2020-15821 |
| YouTrack | The AWS metadata of a YouTrack InCloud instance was disclosed via SSRF in a workflow. Reported by Yurii Sanin. (JT-57964) | High | 2020.2.8873 | CVE-2020-15823 |
| YouTrack | SSRF was possible because URL filtering could be escaped. Reported by Yurii Sanin. (JT-58204) | Low | 2020.2.10514 | CVE-2020-15822 |
| Kotlin | Script cache privilege escalation vulnerability. Reported by Henrik Tunedal. (KT-38222) | Medium | 1.4.0 | CVE-2020-15824 |
| Space | Draft title was disclosed to a user without access to the draft. (SPACE-5594) | Low | Not applicable | CWE-200 |
| Space | A missing authorization check caused privilege escalation. Reported by Callum Carney. (SPACE-8034) | High | Not applicable | CWE-266 |
| Space | Blind SSRF via calendar import. Reported by Yurii Sanin. (SPACE-8273) | Medium | Not applicable | CWE-918 |
| Space | Drafts of direct messages sent from the iOS app could be sent to the channel. (SPACE-8377) | Low | Not applicable | CWE-200 |
| Space | Chat messages were propagated to the browser console. (SPACE-8386) | High | Not applicable | CWE-215 |
| Space | Missing authentication checks in Space Automation. (SPACE-8431) | Critical | Not applicable | CWE-306 |
| Space | Missing authentication checks in Job-related API. (SPACE-8822) | Low | Not applicable | CWE-306 |
| Space | Incorrect checks of public key content. (SPACE-9169) | Medium | Not applicable | CWE-287 |
| Space | Stored XSS via repository resource. (SPACE-9277) | High | Not applicable | CWE-79 |
| Toolbox App | Missing signature on “jetbrains-toolbox.exe”. (TBX-4671) | Low | 1.17.6856 | CVE-2020-15827 |
| TeamCity | Users were able to assign more permissions than they had. (TW-36158) | Low | 2020.1 | CVE-2020-15826 |
| TeamCity | Users with the “Modify group” permission could elevate other users’ privileges. (TW-58858) | Medium | 2020.1 | CVE-2020-15825 |
| TeamCity | Password parameters could be disclosed via build logs. (TW-64484) | Low | 2019.2.3 | CVE-2020-15829 |
| TeamCity | Project parameter values could be retrieved by a user without the appropriate permissions. (TW-64587) | High | 2020.1.1 | CVE-2020-15828 |
| TeamCity | Reflected XSS on administration UI. (TW-64668) | High | 2019.2.3 | CVE-2020-15831 |
| TeamCity | Stored XSS on administration UI. (TW-64699) | High | 2019.2.3 | CVE-2020-15830 |
| Upsource | Unauthorized access was possible through an error in accounts linking. (SDP-940) | Low | 2020.1 | CVE-2019-19704 |

If you need any further assistance, please contact our Security Team.

Subscribe to receive the bulletin in your mailbox.

Your JetBrains Team
The Drive to Develop
