CVE-2020-15824: JetBrains Security Bulletin Q2 2020 | JetBrains News
JetBrains Kotlin from 1.4-M1 to 1.4-RC has a script-cache privilege escalation vulnerability: kotlin-main-kts cached compiled scripts in the system temp directory, which is shared by all users by default. Kotlin 1.3.7x is not affected; the fixed version is 1.4.0.
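The Kotlin issue above comes down to where a compiled-script cache lives and who else can write to it. The following is an added example, not part of this page and not Kotlin's or kotlin-main-kts's own code or fix: it shows, in Python on a POSIX system, the weak layout (one cache directory for everyone under the system temp directory) beside a hardened per-user layout that checks ownership and permissions before any cached artifact is trusted. The cache name "kts-cache" and all function names are hypothetical.

```python
"""Per-user script cache directory, as an added illustration of the weakness
class behind CVE-2020-15824 (a compiled-script cache kept in the shared system
temp directory). Example code only, not Kotlin's or kotlin-main-kts's own
implementation or fix; it assumes a POSIX filesystem and uses the hypothetical
cache name "kts-cache"."""
import os
import stat
import tempfile
from typing import Optional


def is_private_dir(path: str) -> bool:
    """True only if path is a real directory (not a symlink), owned by the
    calling user, and not writable by group or others. Anything else could
    have been pre-created or modified by another local user, so cached
    artifacts inside it must not be trusted."""
    try:
        st = os.lstat(path)          # lstat: do not follow a planted symlink
    except FileNotFoundError:
        return False
    if not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_uid != os.getuid():
        return False
    return not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def shared_cache_dir(name: str = "kts-cache", root: Optional[str] = None) -> str:
    """The weak layout: one cache directory for every user under the system
    temp directory (e.g. /tmp/kts-cache). The first user to create it owns
    it, and everyone else loads whatever it contains."""
    return os.path.join(root or tempfile.gettempdir(), name)


def private_cache_dir(name: str = "kts-cache", root: Optional[str] = None) -> str:
    """Hardened layout: a per-uid directory created with mode 0700 and
    verified before use. Refuses an existing directory that is not private
    instead of silently trusting its contents."""
    path = os.path.join(root or tempfile.gettempdir(), f"{name}-{os.getuid()}")
    try:
        os.mkdir(path, 0o700)
        os.chmod(path, 0o700)        # in case the umask stripped bits
    except FileExistsError:
        pass                         # existing dir: verified below, never chmod'ed
    if not is_private_dir(path):
        raise PermissionError(f"refusing cache dir {path}: not private to uid {os.getuid()}")
    return path


def demo(root: Optional[str] = None) -> dict:
    """Exercise both layouts in a scratch root (constructed for this example)
    and return what a cache loader would decide in each situation."""
    root = root or tempfile.mkdtemp(prefix="cache-demo-")
    results = {}

    # Shared layout: simulate another user having created the directory
    # world-writable, as subdirectories of /tmp often are.
    shared = shared_cache_dir(root=root)
    os.mkdir(shared)
    os.chmod(shared, 0o777)
    results["shared_trusted"] = is_private_dir(shared)      # False

    # Hardened layout on first use: created 0700 and accepted.
    private = private_cache_dir(root=root)
    results["private_trusted"] = is_private_dir(private)    # True

    # Hardened layout after tampering: loosened permissions are detected on
    # the next use instead of being trusted.
    os.chmod(private, 0o777)
    try:
        private_cache_dir(root=root)
        results["tamper_detected"] = False
    except PermissionError:
        results["tamper_detected"] = True

    # A symlink planted at the expected path is rejected as well.
    link = os.path.join(root, "kts-cache-link")
    os.symlink(shared, link)
    results["symlink_trusted"] = is_private_dir(link)       # False
    return results


if __name__ == "__main__":
    print(demo())
```

Two details carry the security point: `os.lstat` rather than `os.stat` so a planted symlink is not followed, and an existing directory is never chmod'ed into compliance, because a directory the current user did not create is exactly the case the check exists to refuse.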
JetBrains Security Bulletin Q2 2020
In the second quarter of 2020, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved.
| Product | Description | Severity | Resolved in | CVE/CWE |
|---|---|---|---|---|
| Datalore | Stack trace disclosure. (DL-7350) | Low | Not applicable | CWE-536 |
| Datalore | Reverse tabnabbing was possible. (DL-7708) | Low | Not applicable | CWE-1022 |
| JetBrains Account | Throttling of the password reset functionality was missing when 2FA was enabled. Reported by Manu Pranav. (JPF-10527) | Medium | 2020.06 | CWE-799 |
| JetBrains Website | Stack trace disclosure when a request contained an invalid character. (JS-12490) | Low | Not applicable | CWE-536 |
| JetBrains Website | Reflected XSS on a jetbrains.com subdomain. Reported by Ritik Chaddha. (JS-12562) | Low | Not applicable | CWE-79 |
| JetBrains Website | Open-redirect issues on kotlinconf.com. Reported by Ritik Chaddha. (JS-12581) | Low | Not applicable | CWE-601 |
| JetBrains Website | Clickjacking was possible on a non-existent page. Reported by Pravas Ranjan Kanungo. (JS-12835) | Low | Not applicable | CWE-1021 |
| YouTrack | The subtasks workflow could disclose the existence of an issue. (JT-45316) | Low | 2020.2.8527 | CVE-2020-15818 |
| YouTrack | An external user could execute commands against arbitrary issues. (JT-56848) | High | 2020.1.1331 | CVE-2020-15817 |
| YouTrack | SSRF vulnerability that allowed scanning internal ports. Reported by Evren Yalçın. (JT-56917) | Low | 2020.2.10643 | CVE-2020-15819 |
| YouTrack | It was possible to change a redirect from any existing YouTrack InCloud instance to another instance. (JT-57036) | Medium | 2020.1.3588 | CWE-601 |
| YouTrack | The markdown parser could disclose the existence of a hidden file. (JT-57235) | Low | 2020.2.6881 | CVE-2020-15820 |
| YouTrack | A user without the appropriate permissions could create an article draft. (JT-57649) | Medium | 2020.2.6881 | CVE-2020-15821 |
| YouTrack | The AWS metadata of a YouTrack InCloud instance was disclosed via SSRF in a workflow. Reported by Yurii Sanin. (JT-57964) | High | 2020.2.8873 | CVE-2020-15823 |
| YouTrack | SSRF was possible because the URL filtering could be bypassed. Reported by Yurii Sanin. (JT-58204) | Low | 2020.2.10514 | CVE-2020-15822 |
| Kotlin | Script cache privilege escalation vulnerability. Reported by Henrik Tunedal. (KT-38222) | Medium | 1.4.0 | CVE-2020-15824 |
| Space | A draft title was disclosed to a user without access to the draft. (SPACE-5594) | Low | Not applicable | CWE-200 |
| Space | A missing authorization check caused privilege escalation. Reported by Callum Carney. (SPACE-8034) | High | Not applicable | CWE-266 |
| Space | Blind SSRF via calendar import. Reported by Yurii Sanin. (SPACE-8273) | Medium | Not applicable | CWE-918 |
| Space | Drafts of direct messages sent from the iOS app could be sent to the channel. (SPACE-8377) | Low | Not applicable | CWE-200 |
| Space | Chat messages were written to the browser console. (SPACE-8386) | High | Not applicable | CWE-215 |
| Space | Missing authentication checks in Space Automation. (SPACE-8431) | Critical | Not applicable | CWE-306 |
| Space | Missing authentication checks in the Job-related API. (SPACE-8822) | Low | Not applicable | CWE-306 |
| Space | Incorrect checks of public key content. (SPACE-9169) | Medium | Not applicable | CWE-287 |
| Space | Stored XSS via a repository resource. (SPACE-9277) | High | Not applicable | CWE-79 |
| Toolbox App | Missing signature on “jetbrains-toolbox.exe”. (TBX-4671) | Low | 1.17.6856 | CVE-2020-15827 |
| TeamCity | Users were able to assign more permissions than they had. (TW-36158) | Low | 2020.1 | CVE-2020-15826 |
| TeamCity | Users with the “Modify group” permission could elevate other users’ privileges. (TW-58858) | Medium | 2020.1 | CVE-2020-15825 |
| TeamCity | Password parameters could be disclosed via build logs. (TW-64484) | Low | 2019.2.3 | CVE-2020-15829 |
| TeamCity | Project parameter values could be retrieved by a user without the appropriate permissions. (TW-64587) | High | 2020.1.1 | CVE-2020-15828 |
| TeamCity | Reflected XSS in the administration UI. (TW-64668) | High | 2019.2.3 | CVE-2020-15831 |
| TeamCity | Stored XSS in the administration UI. (TW-64699) | High | 2019.2.3 | CVE-2020-15830 |
| Upsource | Unauthorized access was possible through an error in account linking. (SDP-940) | Low | 2020.1 | CVE-2019-19704 |
If you need any further assistance, please contact our Security Team.
Subscribe to receive the bulletin in your mailbox.
Your JetBrains Team
The Drive to Develop