Page 68 of 431 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default. En JetBrains Kotlin desde la versión 1.4-M1 a la 1.4-RC (ya que Kotlin versión 1.3.7x no se ve afectado por el problema. La versión corregida es la 1.4.0) se presenta una vulnerabilidad de escalada de privilegios de la caché de scripts debido a scripts kotlin-main-kts almacenados en caché en el directorio temporal del sistema, que es compartido por todos los usuarios por defecto. • http://www.openwall.com/lists/oss-security/2020/12/06/1 https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020 https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E https://lists.apache.org/thread.html/ra • CWE-269: Improper Privilege Management •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. JetBrains YouTrack versiones anteriores a 2020.2.8873, es vulnerable a un ataque de tipo SSRF en el componente Workflow • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. En JetBrains YouTrack versiones anteriores a 2020.2.6881, un usuario sin permiso puede crear un borrador de artículo • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020 • CWE-276: Incorrect Default Permissions •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. En JetBrains YouTrack versiones anteriores a 2020.2.6881, el analizador de rebajas podía divulgar la presencia de archivos ocultos • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020 •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. JetBrains YouTrack versiones anteriores a 2020.2.10643, era vulnerable a un ataque de tipo SSRF que permitía escanear puertos internos • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020 • CWE-918: Server-Side Request Forgery (SSRF) •