Monthly Archive: August 2020

In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users’ privileges. Date published : 2020-08-08 Home JetBrains Security Bulletin Q2 2020

In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the...

JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. Date published : 2020-08-08 Home JetBrains Security Bulletin Q2 2020

In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. Date published : 2020-08-08 Home JetBrains Security Bulletin Q2 2020

In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. Date published : 2020-08-08 Home JetBrains Security Bulletin Q2 2020

JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. Date published : 2020-08-08 Home JetBrains Security Bulletin Q2 2020

In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. Date published : 2020-08-08 Home JetBrains Security Bulletin Q2 2020

In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. Date published : 2020-08-08 Home JetBrains Security Bulletin Q2 2020

A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x,...

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the ‘Cache-Digest’ header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource...

A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root....

A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the...

hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity...

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by...