Refine your search
15 vulnerabilities found for by jetbrains
CVE-2025-64773 (GCVE-0-2025-64773)
Vulnerability from cvelistv5
Published
2025-11-11 15:23
Modified
2025-11-11 15:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
References
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "YouTrack",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.3.104432",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T15:23:19.653Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64773",
"datePublished": "2025-11-11T15:23:19.653Z",
"dateReserved": "2025-11-11T15:02:03.361Z",
"dateUpdated": "2025-11-11T15:23:19.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64457 (GCVE-0-2025-64457)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority while details are being clarified. A corrected record will be published once verification is complete.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-11-11T12:28:28.705Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority while details are being clarified. A corrected record will be published once verification is complete."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority while details are being clarified. A corrected record will be published once verification is complete."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64457",
"datePublished": "2025-11-10T13:28:23.970Z",
"dateRejected": "2025-11-11T12:28:28.705Z",
"dateReserved": "2025-11-04T14:34:02.045Z",
"dateUpdated": "2025-11-11T12:28:28.705Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64456 (GCVE-0-2025-64456)
Vulnerability from cvelistv5
Published
2025-11-10 13:28
Modified
2025-11-11 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64456",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T04:55:34.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ReSharper",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.2.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T13:28:03.624Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64456",
"datePublished": "2025-11-10T13:28:03.624Z",
"dateReserved": "2025-11-04T14:34:01.215Z",
"dateUpdated": "2025-11-11T04:55:34.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64690 (GCVE-0-2025-64690)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-12-02T10:26:37.525Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64690",
"datePublished": "2025-11-10T13:28:02.290Z",
"dateRejected": "2025-12-02T10:26:37.525Z",
"dateReserved": "2025-11-07T15:10:52.839Z",
"dateUpdated": "2025-12-02T10:26:37.525Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64689 (GCVE-0-2025-64689)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-12-02T10:26:13.807Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64689",
"datePublished": "2025-11-10T13:28:01.039Z",
"dateRejected": "2025-12-02T10:26:13.807Z",
"dateReserved": "2025-11-07T15:10:52.443Z",
"dateUpdated": "2025-12-02T10:26:13.807Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64688 (GCVE-0-2025-64688)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-12-02T10:25:48.630Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64688",
"datePublished": "2025-11-10T13:27:59.902Z",
"dateRejected": "2025-12-02T10:25:48.630Z",
"dateReserved": "2025-11-07T15:10:52.031Z",
"dateUpdated": "2025-12-02T10:25:48.630Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64687 (GCVE-0-2025-64687)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-12-02T10:24:56.254Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64687",
"datePublished": "2025-11-10T13:27:59.372Z",
"dateRejected": "2025-12-02T10:24:56.254Z",
"dateReserved": "2025-11-07T15:10:51.623Z",
"dateUpdated": "2025-12-02T10:24:56.254Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64686 (GCVE-0-2025-64686)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-12-02T10:23:35.440Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64686",
"datePublished": "2025-11-10T13:27:58.836Z",
"dateRejected": "2025-12-02T10:23:35.440Z",
"dateReserved": "2025-11-07T15:10:51.231Z",
"dateUpdated": "2025-12-02T10:23:35.440Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64685 (GCVE-0-2025-64685)
Vulnerability from cvelistv5
Published
2025-11-10 13:27
Modified
2025-11-11 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T04:55:36.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "YouTrack",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.3.104432",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T13:27:58.093Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64685",
"datePublished": "2025-11-10T13:27:58.093Z",
"dateReserved": "2025-11-07T15:10:50.666Z",
"dateUpdated": "2025-11-11T04:55:36.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64684 (GCVE-0-2025-64684)
Vulnerability from cvelistv5
Published
2025-11-10 13:27
Modified
2025-11-10 14:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T14:50:18.554610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T14:50:23.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "YouTrack",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.3.104432",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T13:27:57.428Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64684",
"datePublished": "2025-11-10T13:27:57.428Z",
"dateReserved": "2025-11-07T15:10:50.072Z",
"dateUpdated": "2025-11-10T14:50:23.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64683 (GCVE-0-2025-64683)
Vulnerability from cvelistv5
Published
2025-11-10 13:27
Modified
2025-11-10 14:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T14:58:15.472706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T14:58:21.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hub",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.3.104432",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T13:27:56.565Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64683",
"datePublished": "2025-11-10T13:27:56.565Z",
"dateReserved": "2025-11-07T15:10:49.278Z",
"dateUpdated": "2025-11-10T14:58:21.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64682 (GCVE-0-2025-64682)
Vulnerability from cvelistv5
Published
2025-11-10 13:27
Modified
2025-11-10 14:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64682",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T14:35:20.976030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T14:36:21.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hub",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.3.104432",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T13:27:55.389Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64682",
"datePublished": "2025-11-10T13:27:55.389Z",
"dateReserved": "2025-11-07T15:10:48.586Z",
"dateUpdated": "2025-11-10T14:36:21.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64681 (GCVE-0-2025-64681)
Vulnerability from cvelistv5
Published
2025-11-10 13:27
Modified
2025-11-10 14:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T14:38:23.318172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T14:39:10.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hub",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.3.104992",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T13:27:54.552Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64681",
"datePublished": "2025-11-10T13:27:54.552Z",
"dateReserved": "2025-11-07T15:10:47.910Z",
"dateUpdated": "2025-11-10T14:39:10.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27198 (GCVE-0-2024-27198)
Vulnerability from cvelistv5
Published
2024-03-04 17:21
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "teamcity",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.11.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27198",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-20T14:07:07.365272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-03-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27198"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:23.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27198"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-07T00:00:00+00:00",
"value": "CVE-2024-27198 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TeamCity",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-11T14:14:49.293Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
},
{
"url": "https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2024-27198",
"datePublished": "2024-03-04T17:21:39.422Z",
"dateReserved": "2024-02-21T09:53:25.185Z",
"dateUpdated": "2025-10-21T23:05:23.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42793 (GCVE-0-2023-42793)
Vulnerability from cvelistv5
Published
2023-09-19 16:57
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42793",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-13T18:39:27.643246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-10-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42793"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:37.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42793"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-04T00:00:00+00:00",
"value": "CVE-2023-42793 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TeamCity",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.05.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T11:24:47.087Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
},
{
"url": "https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/"
},
{
"url": "http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html"
},
{
"url": "https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793"
},
{
"url": "https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/"
},
{
"url": "https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/"
},
{
"url": "https://www.sonarsource.com/blog/teamcity-vulnerability/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2023-42793",
"datePublished": "2023-09-19T16:57:29.245Z",
"dateReserved": "2023-09-14T09:48:47.154Z",
"dateUpdated": "2025-10-21T23:05:37.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}