CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25765
https://notcve.org/view.php?id=CVE-2021-25765
In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible. En JetBrains YouTrack versiones anteriores a 2020.4.4701, fue posible un ataque de tipo CSRF por medio de una carga de archivos adjuntos • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25762
https://notcve.org/view.php?id=CVE-2021-25762
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. En JetBrains Ktor versiones anteriores a 1.4.3, fue posible un Trafico No Autorizado de Peticiones HTTP • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25763
https://notcve.org/view.php?id=CVE-2021-25763
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default. En JetBrains Ktor versiones anteriores a 1.4.2, un conjunto de cifrado débil estaban habilitados por defecto • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25761
https://notcve.org/view.php?id=CVE-2021-25761
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. En JetBrains Ktor versiones anteriores a 1.5.0, fue posible un ataque de tipo birthday en la clave de SessionStorage • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-29582 – kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure
https://notcve.org/view.php?id=CVE-2020-29582
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. En JetBrains Kotlin versiones anteriores a 1.4.21, una API Java vulnerable era usada para la creación de archivos y carpetas temporales. Un atacante era capaz de leer datos de dichos archivos y enumerar directorios debido a permisos no seguros • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020 https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://access.redhat.com/security/cve/CVE-2020-29582 https://bugzilla.redhat.com/show_bug.cgi?id=1930291 • CWE-276: Incorrect Default Permissions •