CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14961
https://notcve.org/view.php?id=CVE-2019-14961
JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS. JetBrains Upsource versiones anteriores a 2019.1.1412, no escapó apropiadamente las etiquetas HTML en un bloque de código de comentarios, conllevando a una vulnerabilidad de tipo XSS. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15042
https://notcve.org/view.php?id=CVE-2019-15042
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1. Se descubrió un problema en JetBrains TeamCity versión 2018.2.4. No presenta comprobación de certificado SSL para algunas conexiones https externas. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14960
https://notcve.org/view.php?id=CVE-2019-14960
JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file. JetBrains Rider versiones anteriores a 2019.1.2, estaba usando un archivo JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll sin firmar. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-426: Untrusted Search Path •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14955
https://notcve.org/view.php?id=CVE-2019-14955
In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented. En JetBrains Hub versiones anteriores a 2018.4.11436, no había ninguna opción para obligar a un usuario a cambiar la contraseña y no se implementó ninguna política de caducidad de contraseña. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14953
https://notcve.org/view.php?id=CVE-2019-14953
JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. JetBrains YouTrack versiones anteriores a 2019.2.53938, presentaban una posible vulnerabilidad de tipo XSS por medio de archivos adjuntos de problemas cuando se usa el navegador Firefox. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •