Yurii Sanin

**Name of the Vulnerable Software and Affected Versions** JetBrains Hub versions prior to 2022.2.14799 **Description** The issue is related to insufficient access control, which allowed the hijacking of untrusted services. **Recommendations** For versions prior to 2022.2.14799, update to version 2022.2.14799 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JetBrains YouTrack versions prior to 2021.4.36872 **Description** The issue concerns a stored XSS vulnerability via a project icon. **Recommendations** For versions prior to 2021.4.36872, update to version 2021.4.36872 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JetBrains YouTrack versions prior to 2021.4.31698 **Description** The issue allows a user with read-only permissions to set a custom logo. **Recommendations** For versions prior to 2021.4.31698, update to version 2021.4.31698 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JetBrains Hub versions prior to 2021.1.13890 **Description** The issue concerns the exposure of an API key with excessive permissions due to the integration with JetBrains Account. **Recommendations** For versions prior to 2021.1.13890, update to version 2021.1.13890 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JetBrains Hub versions prior to 2021.1.13956 **Description** The issue allows an unprivileged user to perform a denial-of-service (DoS) attack. **Recommendations** For versions prior to 2021.1.13956, update to version 2021.1.13956 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JetBrains TeamCity versions prior to 2021.2 **Description** The issue allows health items of pull requests to be shown to users who lack appropriate permissions. **Recommendations** For versions prior to 2021.2, update to version 2021.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JetBrains TeamCity versions prior to 2021.2.1 **Description** The issue allows for URL injection leading to CSRF, which could potentially be used for account takeover via CSRF in GitHub authentication. **Recommendations** For versions prior to 2021.2.1, update to version 2021.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JetBrains TeamCity versions prior to 2021.2.1 **Description** The issue is related to stored XSS. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 2021.2.1, update to version 2021.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to areas where user input is displayed to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JetBrains TeamCity versions prior to 2021.2.1 **Description** The issue is related to reflected XSS. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 2021.2.1, update to version 2021.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** JetBrains PhpStorm versions prior to 2020.3 **Description** The issue allows source code to be added to debug logs. **Recommendations** For versions prior to 2020.3, update to version 2020.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JetBrains TeamCity versions prior to 2020.2 **Description** The issue concerns the exposure of an ECR token in a build's parameters. **Recommendations** For versions prior to 2020.2, update to version 2020.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JetBrains YouTrack versions prior to 2020.4.4701 **Description** The issue allows for CSRF via attachment upload. **Recommendations** For versions prior to 2020.4.4701, update to version 2020.4.4701 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JetBrains YouTrack versions prior to 2020.3.888 **Description** The issue is related to a Server-Side Request Forgery (SSRF) problem. SSRF is a type of attack where an attacker can trick a server into making requests to internal or external resources that the server should not access. **Recommendations** For versions prior to 2020.3.888, update to version 2020.3.888 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JetBrains TeamCity versions prior to 2020.1.5 **Description** The issue concerns secure dependency parameters not being masked in depending builds when there are no internal artifacts. This could potentially expose sensitive information. **Recommendations** For versions prior to 2020.1.5, update to version 2020.1.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JetBrains YouTrack versions prior to 2020.3.5333 **Description** The issue concerns a Server-Side Request Forgery (SSRF) vulnerability. SSRF is a type of attack where an attacker can trick a server into making requests to internal or external resources, potentially leading to unauthorized access or information disclosure. **Recommendations** For versions prior to 2020.3.5333, update to version 2020.3.5333 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JetBrains ToolBox versions prior to 1.18 **Description** The issue is related to a Denial of Service attack via a browser protocol handler. **Recommendations** For versions prior to 1.18, update to version 1.18 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JetBrains YouTrack versions prior to 2020.2.10514 **Description** The issue allows for Server-Side Request Forgery (SSRF) because URL filtering can be escaped. **Recommendations** For versions prior to 2020.2.10514, update to version 2020.2.10514 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JetBrains YouTrack versions prior to 2020.3.4313 JetBrains YouTrack versions prior to 2020.2.11008 JetBrains YouTrack versions prior to 2020.1.11011 JetBrains YouTrack versions prior to 2019.1.65514 JetBrains YouTrack versions prior to 2019.2.65515 JetBrains YouTrack versions prior to 2019.3.65516 **Description** An attacker can retrieve an issue description without appropriate access. **Recommendations** For versions prior to 2020.3.4313, update to version 2020.3.4313 or later. For versions prior to 2020.2.11008, update to version 2020.2.11008 or later. For versions prior to 2020.1.11011, update to version 2020.1.11011 or later. For versions prior to 2019.1.65514, update to version 2019.1.65514 or later. For versions prior to 2019.2.65515, update to version 2019.2.65515 or later. For versions prior to 2019.3.65516, update to version 2019.3.65516 or later.

**Name of the Vulnerable Software and Affected Versions** JetBrains YouTrack versions prior to 2020.2.8873 **Description** The issue concerns a Server-Side Request Forgery (SSRF) in the Workflow component. **Recommendations** For versions prior to 2020.2.8873, update to version 2020.2.8873 or later to resolve the issue.