yuriisanin/yuriisanin

Hi there 👋

Cheatsheets (1)
Findings (9)

| Name | Product | CWE | Severity |
| --- | --- | --- | --- |
| Disclosure of built-in OAuth2 connectors' secrets. (TCC-346) | JetBrains TeamCity (Cloud) | CWE-522 | High |
| Session takeover via OAuth client manipulation. (TCC-347, TCC-349, TCC-351) | JetBrains TeamCity (Cloud) | CWE-345 | High |
| Session takeover using open redirect misconfiguration. (TCC-348) | JetBrains TeamCity (Cloud) | CWE-601 | High |
| VCS credentials disclosure via repository URL manipulation. (TCC-355, TCC-358) | JetBrains TeamCity (Cloud) | CWE-522 | Medium |
| Session takeover using an open redirect in OAuth integration | JetBrains TeamCity (Cloud) | CWE-601 | High |
| JWT token takeover using an open redirect misconfiguration | JetBrains Datalore | CWE-601 | High |
| Path Traversal allows local file reading | JetBrains Marketplace | CWE-22 | High |
| Blind Server-Side Request Forgery (SSRF) via calendar import | JetBrains Space | CWE-918 | Medium |

CVEs (19)

| CVE | Product | CWE | Severity |
| --- | --- | --- | --- |
| CVE-2022-45771 | PwnDoc | CWE-? | 8.8 / High |
| CVE-2022-45026 | MPE | CWE-78 | 9.8 / Critical |
| CVE-2022-45025 | MPE | CWE-78 | 9.8 / Critical |
| CVE-2022-34894 | JetBrains Hub | CWE-284 | 5.3 / Medium |
| CVE-2022-25262 | JetBrains Hub | CWE-287 | 9.8 / Critical |
| CVE-2022-25260 | JetBrains Hub | CWE-918 | 9.1 / Critical |
| CVE-2022-25259 | JetBrains Hub | CWE-79 | 6.1 / Medium |
| CVE-2022-24347 | JetBrains Hub | CWE-79 | 5.4 / Medium |
| CVE-2022-24342 | JetBrains TeamCity | CWE-352 | 8.8 / High |
| CVE-2022-24339 | JetBrains TeamCity | CWE-79 | 5.4 / Medium |
| CVE-2022-24328 | JetBrains Hub | CWE-841 | 6.5 / Medium |
| CVE-2022-24327 | JetBrains Hub | CWE-732 | 7.5 / High |
| CVE-2021-25765 | JetBrains YouTrack | CWE-352 | 8.8 / High |
| CVE-2020-27626 | JetBrains YouTrack | CWE-918 | 5.3 / Medium |
| CVE-2020-27624 | JetBrains YouTrack | CWE-918 | 5.3 / Medium |
| CVE-2020-25209 | JetBrains YouTrack | CWE-639 | 7.5 / High |
| CVE-2020-24618 | JetBrains YouTrack | CWE-639 | 6.5 / Medium |
| CVE-2020-15823 | JetBrains YouTrack | CWE-918 | 7.5 / High |
| CVE-2020-15822 | JetBrains YouTrack | CWE-918 | 7.3 / High |
