CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2025-23385
https://notcve.org/view.php?id=CVE-2025-23385
28 Jan 2025 — In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-114: Process Control •
CVSS: 9.3EPSS: 1%CPEs: 44EXPL: 2CVE-2024-37051
https://notcve.org/view.php?id=CVE-2024-37051
10 Jun 2024 — GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2... • https://github.com/LeadroyaL/CVE-2024-37051-EXP • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24939
https://notcve.org/view.php?id=CVE-2024-24939
06 Feb 2024 — In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible En JetBrains Rider antes de 2023.3.3 era posible el registro de variables de entorno que contenían valores secretos • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37396
https://notcve.org/view.php?id=CVE-2022-37396
03 Aug 2022 — In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution En JetBrains Rider versiones anteriores a 2022.2, el diálogo confiable y de apertura de proyectos puede ser evitada, conllevando a una ejecución de código local • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7906
https://notcve.org/view.php?id=CVE-2020-7906
30 Jan 2020 — In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3. En JetBrains Rider versiones 2019.3 EAP2 hasta 2019.3 EAP7, se presentaron binarios no firmados provistos por parte del instalador de Windows. Este problema fue corregido en la publicación de la versión 2019.3. • https://blog.jetbrains.com • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14960
https://notcve.org/view.php?id=CVE-2019-14960
01 Oct 2019 — JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file. JetBrains Rider versiones anteriores a 2019.1.2, estaba usando un archivo JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll sin firmar. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-426: Untrusted Search Path •