CVE-2020-11691
In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. Date published : 2020-04-22 JetBrains Security Bulletin Q1 2020
In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. Date published : 2020-04-22 JetBrains Security Bulletin Q1 2020
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file. Date published : 2020-04-22 JetBrains Security Bulletin Q1 2020
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. Date published : 2020-04-22 JetBrains Security Bulletin Q1 2020
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages. Date published : 2020-04-22 JetBrains Security Bulletin Q1 2020
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings. Date published : 2020-04-22 JetBrains Security Bulletin Q1 2020
In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. Date published : 2020-04-22 JetBrains Security Bulletin Q1 2020
An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted. Date published : 2020-04-22 https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/ https://about.gitlab.com/blog/categories/releases/
An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level). The data being transmitted over...
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling. Date published : 2020-04-22...
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure...
JetBrains Space through 2020-04-22 allows stored XSS in Chats. Date published : 2020-04-22 JetBrains Security Bulletin Q1 2020
In Phproject before version 1.7.8, there’s a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8. Date published : 2020-04-22 https://github.com/Alanaktion/phproject/security/advisories/GHSA-4j97-6w6q-gxjx https://github.com/Alanaktion/phproject/commit/b49d642e035d835f824bd39babd964ec0e3a285f
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The...