Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
22 vulnerabilities found for toolbox by jetbrains
CVE-2025-43014 (GCVE-0-2025-43014)
Vulnerability from nvd – Published: 2025-04-17 15:56 – Updated: 2025-04-17 18:01
VLAI?
Summary
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
Severity ?
6.1 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | Toolbox App |
Affected:
0 , < 2.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T17:57:04.608975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-304",
"description": "CWE-304 Missing Critical Step in Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:01:48.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Toolbox App",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-304",
"description": "CWE-304",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T15:56:04.945Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-43014",
"datePublished": "2025-04-17T15:56:04.945Z",
"dateReserved": "2025-04-16T13:26:23.747Z",
"dateUpdated": "2025-04-17T18:01:48.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43013 (GCVE-0-2025-43013)
Vulnerability from nvd – Published: 2025-04-17 15:56 – Updated: 2025-04-17 18:02
VLAI?
Summary
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible
Severity ?
6.9 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | Toolbox App |
Affected:
0 , < 2.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T18:02:24.650910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:02:40.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Toolbox App",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T15:56:04.549Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-43013",
"datePublished": "2025-04-17T15:56:04.549Z",
"dateReserved": "2025-04-16T13:26:23.392Z",
"dateUpdated": "2025-04-17T18:02:40.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43012 (GCVE-0-2025-43012)
Vulnerability from nvd – Published: 2025-04-17 15:56 – Updated: 2026-02-26 18:28
VLAI?
Summary
In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible
Severity ?
8.3 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | Toolbox App |
Affected:
0 , < 2.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T03:55:45.068095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:10.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Toolbox App",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T15:56:04.085Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-43012",
"datePublished": "2025-04-17T15:56:04.085Z",
"dateReserved": "2025-04-16T13:26:23.013Z",
"dateUpdated": "2026-02-26T18:28:10.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-42921 (GCVE-0-2025-42921)
Vulnerability from nvd – Published: 2025-04-17 15:56 – Updated: 2025-04-17 18:03
VLAI?
Summary
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
Severity ?
4.2 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | Toolbox App |
Affected:
0 , < 2.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-42921",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T18:02:52.696324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-297",
"description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:03:03.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Toolbox App",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-297",
"description": "CWE-297",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T15:56:03.552Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-42921",
"datePublished": "2025-04-17T15:56:03.552Z",
"dateReserved": "2025-04-16T13:25:30.282Z",
"dateUpdated": "2025-04-17T18:03:03.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24943 (GCVE-0-2024-24943)
Vulnerability from nvd – Published: 2024-02-06 09:21 – Updated: 2024-08-01 23:36
VLAI?
Summary
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image
Severity ?
5.3 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | Toolbox App |
Affected:
0 , < 2.2
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jetbrains:toolbox:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "toolbox",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T16:15:23.816218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:26.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:20.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Toolbox App",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T09:21:32.556Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2024-24943",
"datePublished": "2024-02-06T09:21:32.556Z",
"dateReserved": "2024-02-01T15:54:48.600Z",
"dateUpdated": "2024-08-01T23:36:20.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48481 (GCVE-0-2022-48481)
Vulnerability from nvd – Published: 2023-04-28 09:22 – Updated: 2025-01-30 20:50
VLAI?
Summary
In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible
Severity ?
5.2 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | Toolbox App |
Affected:
0 , < 1.28
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:54.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T20:50:35.343827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T20:50:54.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"macOS"
],
"product": "Toolbox App",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "1.28",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-691",
"description": "CWE-691",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-28T09:22:37.543Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-48481",
"datePublished": "2023-04-28T09:22:37.543Z",
"dateReserved": "2023-04-28T09:22:30.614Z",
"dateUpdated": "2025-01-30T20:50:54.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25207 (GCVE-0-2020-25207)
Vulnerability from nvd – Published: 2020-11-16 15:01 – Updated: 2024-08-04 15:33
VLAI?
Summary
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jetbrains.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-16T15:04:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jetbrains.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jetbrains.com",
"refsource": "MISC",
"url": "https://blog.jetbrains.com"
},
{
"name": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/",
"refsource": "CONFIRM",
"url": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25207",
"datePublished": "2020-11-16T15:01:02.000Z",
"dateReserved": "2020-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:33:05.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25013 (GCVE-0-2020-25013)
Vulnerability from nvd – Published: 2020-11-16 15:00 – Updated: 2024-08-04 15:26
VLAI?
Summary
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jetbrains.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-16T15:05:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jetbrains.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jetbrains.com",
"refsource": "MISC",
"url": "https://blog.jetbrains.com"
},
{
"name": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/",
"refsource": "CONFIRM",
"url": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25013",
"datePublished": "2020-11-16T15:00:24.000Z",
"dateReserved": "2020-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:26:09.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15827 (GCVE-0-2020-15827)
Vulnerability from nvd – Published: 2020-08-08 20:24 – Updated: 2024-08-04 13:30
VLAI?
Summary
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:21.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jetbrains.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-08T20:24:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jetbrains.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jetbrains.com",
"refsource": "MISC",
"url": "https://blog.jetbrains.com"
},
{
"name": "https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/",
"refsource": "MISC",
"url": "https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15827",
"datePublished": "2020-08-08T20:24:52.000Z",
"dateReserved": "2020-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:30:21.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18368 (GCVE-0-2019-18368)
Vulnerability from nvd – Published: 2019-10-31 15:24 – Updated: 2024-08-05 01:54
VLAI?
Summary
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T15:24:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019/",
"refsource": "CONFIRM",
"url": "https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18368",
"datePublished": "2019-10-31T15:24:16.000Z",
"dateReserved": "2019-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:54:14.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14959 (GCVE-0-2019-14959)
Vulnerability from nvd – Published: 2019-10-02 18:37 – Updated: 2024-08-05 00:34
VLAI?
Summary
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-02T18:37:57.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/",
"refsource": "CONFIRM",
"url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14959",
"datePublished": "2019-10-02T18:37:57.000Z",
"dateReserved": "2019-08-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43014 (GCVE-0-2025-43014)
Vulnerability from cvelistv5 – Published: 2025-04-17 15:56 – Updated: 2025-04-17 18:01
VLAI?
Summary
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
Severity ?
6.1 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | Toolbox App |
Affected:
0 , < 2.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T17:57:04.608975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-304",
"description": "CWE-304 Missing Critical Step in Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:01:48.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Toolbox App",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-304",
"description": "CWE-304",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T15:56:04.945Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-43014",
"datePublished": "2025-04-17T15:56:04.945Z",
"dateReserved": "2025-04-16T13:26:23.747Z",
"dateUpdated": "2025-04-17T18:01:48.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43013 (GCVE-0-2025-43013)
Vulnerability from cvelistv5 – Published: 2025-04-17 15:56 – Updated: 2025-04-17 18:02
VLAI?
Summary
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible
Severity ?
6.9 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | Toolbox App |
Affected:
0 , < 2.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T18:02:24.650910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:02:40.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Toolbox App",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T15:56:04.549Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-43013",
"datePublished": "2025-04-17T15:56:04.549Z",
"dateReserved": "2025-04-16T13:26:23.392Z",
"dateUpdated": "2025-04-17T18:02:40.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43012 (GCVE-0-2025-43012)
Vulnerability from cvelistv5 – Published: 2025-04-17 15:56 – Updated: 2026-02-26 18:28
VLAI?
Summary
In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible
Severity ?
8.3 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | Toolbox App |
Affected:
0 , < 2.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T03:55:45.068095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:10.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Toolbox App",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T15:56:04.085Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-43012",
"datePublished": "2025-04-17T15:56:04.085Z",
"dateReserved": "2025-04-16T13:26:23.013Z",
"dateUpdated": "2026-02-26T18:28:10.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-42921 (GCVE-0-2025-42921)
Vulnerability from cvelistv5 – Published: 2025-04-17 15:56 – Updated: 2025-04-17 18:03
VLAI?
Summary
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
Severity ?
4.2 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | Toolbox App |
Affected:
0 , < 2.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-42921",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T18:02:52.696324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-297",
"description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:03:03.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Toolbox App",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-297",
"description": "CWE-297",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T15:56:03.552Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-42921",
"datePublished": "2025-04-17T15:56:03.552Z",
"dateReserved": "2025-04-16T13:25:30.282Z",
"dateUpdated": "2025-04-17T18:03:03.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24943 (GCVE-0-2024-24943)
Vulnerability from cvelistv5 – Published: 2024-02-06 09:21 – Updated: 2024-08-01 23:36
VLAI?
Summary
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image
Severity ?
5.3 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | Toolbox App |
Affected:
0 , < 2.2
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jetbrains:toolbox:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "toolbox",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T16:15:23.816218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:26.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:20.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Toolbox App",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T09:21:32.556Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2024-24943",
"datePublished": "2024-02-06T09:21:32.556Z",
"dateReserved": "2024-02-01T15:54:48.600Z",
"dateUpdated": "2024-08-01T23:36:20.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48481 (GCVE-0-2022-48481)
Vulnerability from cvelistv5 – Published: 2023-04-28 09:22 – Updated: 2025-01-30 20:50
VLAI?
Summary
In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible
Severity ?
5.2 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | Toolbox App |
Affected:
0 , < 1.28
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:54.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T20:50:35.343827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T20:50:54.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"macOS"
],
"product": "Toolbox App",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "1.28",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-691",
"description": "CWE-691",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-28T09:22:37.543Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-48481",
"datePublished": "2023-04-28T09:22:37.543Z",
"dateReserved": "2023-04-28T09:22:30.614Z",
"dateUpdated": "2025-01-30T20:50:54.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25207 (GCVE-0-2020-25207)
Vulnerability from cvelistv5 – Published: 2020-11-16 15:01 – Updated: 2024-08-04 15:33
VLAI?
Summary
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jetbrains.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-16T15:04:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jetbrains.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jetbrains.com",
"refsource": "MISC",
"url": "https://blog.jetbrains.com"
},
{
"name": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/",
"refsource": "CONFIRM",
"url": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25207",
"datePublished": "2020-11-16T15:01:02.000Z",
"dateReserved": "2020-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:33:05.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25013 (GCVE-0-2020-25013)
Vulnerability from cvelistv5 – Published: 2020-11-16 15:00 – Updated: 2024-08-04 15:26
VLAI?
Summary
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jetbrains.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-16T15:05:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jetbrains.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jetbrains.com",
"refsource": "MISC",
"url": "https://blog.jetbrains.com"
},
{
"name": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/",
"refsource": "CONFIRM",
"url": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25013",
"datePublished": "2020-11-16T15:00:24.000Z",
"dateReserved": "2020-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:26:09.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15827 (GCVE-0-2020-15827)
Vulnerability from cvelistv5 – Published: 2020-08-08 20:24 – Updated: 2024-08-04 13:30
VLAI?
Summary
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:21.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jetbrains.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-08T20:24:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jetbrains.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jetbrains.com",
"refsource": "MISC",
"url": "https://blog.jetbrains.com"
},
{
"name": "https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/",
"refsource": "MISC",
"url": "https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15827",
"datePublished": "2020-08-08T20:24:52.000Z",
"dateReserved": "2020-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:30:21.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18368 (GCVE-0-2019-18368)
Vulnerability from cvelistv5 – Published: 2019-10-31 15:24 – Updated: 2024-08-05 01:54
VLAI?
Summary
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T15:24:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019/",
"refsource": "CONFIRM",
"url": "https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18368",
"datePublished": "2019-10-31T15:24:16.000Z",
"dateReserved": "2019-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:54:14.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14959 (GCVE-0-2019-14959)
Vulnerability from cvelistv5 – Published: 2019-10-02 18:37 – Updated: 2024-08-05 00:34
VLAI?
Summary
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-02T18:37:57.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/",
"refsource": "CONFIRM",
"url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14959",
"datePublished": "2019-10-02T18:37:57.000Z",
"dateReserved": "2019-08-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}