CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-11694
https://notcve.org/view.php?id=CVE-2020-11694
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3. En JetBrains PyCharm versiones 2019.2.5 y 2019.3 en Windows, fueron incluidas credenciales de Apple Notarization Service. Esto se corrigió en las versiones 2019.2.6 y 2019.3.3. • https://blog.jetbrains.com/blog/2020/04/22/jetbrains-security-bulletin-q1-2020 https://gist.github.com/rubyroobs/5d273895512df5b86d5e7e1a703c8028 https://twitter.com/_ruby/status/1234457530790600704 • CWE-312: Cleartext Storage of Sensitive Information CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7907
https://notcve.org/view.php?id=CVE-2020-7907
In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections. En el plugin JetBrains Scala versiones anteriores a 2019.2.1, algunas dependencias de artefactos fueron resueltas por medio de conexiones no encriptadas. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/01/24/jetbrains-security-bulletin-q4-2019 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7914
https://notcve.org/view.php?id=CVE-2020-7914
In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3. En JetBrains IntelliJ IDEA versión 2019.2, una configuración inapropiada del plugin XSLT debugger permite operaciones de lectura de archivos arbitraria mediante la red. Este problema fue corregido en versión 2019.3. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/01/24/jetbrains-security-bulletin-q4-2019 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7913
https://notcve.org/view.php?id=CVE-2020-7913
JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description. JetBrains YouTrack versiones 2019.2 anteriores a 2019.2.59309, era vulnerable a un ataque de tipo XSS por medio de una descripción de problema. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/01/24/jetbrains-security-bulletin-q4-2019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7912
https://notcve.org/view.php?id=CVE-2020-7912
In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. En JetBrains YouTrack versiones anteriores a 2019.2.59309, la configuración SMTP/Jabber podría ser accedida usando copias de seguridad. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/01/24/jetbrains-security-bulletin-q4-2019 • CWE-668: Exposure of Resource to Wrong Sphere •