JetBrains has published the JetBrains products Security Bulletin Q1 2019
The JetBrains Security Bulletin Q1 2019 summarizes the security vulnerabilities found in JetBrains products and fixed in the first quarter of 2019.
The Security Bulletin covers issues that could expose a product user or a project's infrastructure to man-in-the-middle attacks, namely:
- resolving Gradle, Maven, and sbt project artifacts over an unencrypted connection in various projects; and
- generating project templates in an IDE causing the above-mentioned issue in a user’s project.
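The two bullet points above describe one exposure class: a build file that declares an artifact repository over plain `http://`, so dependencies are fetched without transport protection. Below is an added defender-side check, not code from JetBrains or the bulletin: it scans Gradle, Maven and sbt build snippets for such declarations and rewrites them to `https://`. The build snippets and the `*.example.invalid` hosts are constructed for illustration; the check deliberately skips XML namespace and schema-location URIs in a `pom.xml`, which are identifiers rather than download locations, and skips commented-out lines. Whether a rewritten host actually serves TLS is something the reader has to verify before committing the change.

```python
"""Flag artifact repositories resolved over unencrypted HTTP in build files.

Added example (not part of the JetBrains bulletin). Samples and hostnames
below are constructed; .invalid is a reserved TLD that never resolves.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Any http:// URL; the terminating class stops at quotes and XML brackets.
HTTP_URL = re.compile(r'http://[^\s"\'<>]+')
COMMENT_PREFIXES = ("//", "#", "<!--")
# XML namespace / schema URIs are identifiers, not repositories to fetch from.
IDENTIFIER_MARKERS = ("xmlns", "schemaLocation")


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    url: str
    suggested: str  # same URL with the scheme upgraded to https://


def _skip(line: str) -> bool:
    stripped = line.strip()
    if stripped.startswith(COMMENT_PREFIXES):
        return True
    return any(marker in line for marker in IDENTIFIER_MARKERS)


def scan_build_file(name: str, text: str) -> list[Finding]:
    """Return one Finding per http:// repository URL in a build file."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if _skip(line):
            continue
        for m in HTTP_URL.finditer(line):
            url = m.group(0)
            findings.append(Finding(name, lineno, url, "https://" + url[len("http://"):]))
    return findings


def harden(text: str) -> str:
    """Rewrite http:// repository URLs to https://, leaving comments and
    XML namespace declarations untouched."""
    out = []
    for line in text.splitlines(keepends=True):
        if _skip(line):
            out.append(line)
        else:
            out.append(HTTP_URL.sub(lambda m: "https://" + m.group(0)[len("http://"):], line))
    return "".join(out)


# Constructed sample build files (hypothetical hosts).
GRADLE = (
    'repositories {\n'
    '    maven { url "http://repo.example.invalid/maven2" }   // constructed sample\n'
    '    mavenCentral()\n'
    '}\n'
)
POM = (
    '<project xmlns="http://maven.apache.org/POM/4.0.0"\n'
    '  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\n'
    '  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">\n'
    '  <repositories>\n'
    '    <repository>\n'
    '      <id>internal</id>\n'
    '      <url>http://nexus.example.invalid/repository/maven-public/</url>\n'
    '    </repository>\n'
    '  </repositories>\n'
    '</project>\n'
)
SBT = (
    'resolvers += "Internal" at "http://artifacts.example.invalid/releases"\n'
    '// resolvers += "Old" at "http://old.example.invalid/releases"   (commented out, ignored)\n'
)
SAMPLES = {"build.gradle": GRADLE, "pom.xml": POM, "build.sbt": SBT}


def scan_all(samples: dict[str, str] = SAMPLES) -> dict[str, list[Finding]]:
    return {name: scan_build_file(name, text) for name, text in samples.items()}


if __name__ == "__main__":
    for name, findings in scan_all().items():
        for f in findings:
            print(f"{f.file}:{f.line}: {f.url}  ->  {f.suggested}")
```

Running the block prints one finding per sample file; scanning the output of `harden()` again yields nothing, while the `xmlns` and `schemaLocation` attributes of the POM are left exactly as they were.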
An extended audit of the secret-storage mechanism in JetBrains IDE settings was also carried out, and several cases of secrets being stored in cleartext were identified and fixed.
The summary report below lists, for each issue, the affected product, a description, its severity, and the product version that contains the fix.
| Product | Description | Severity | Resolved in | CVE/CWE |
|---|---|---|---|---|
| CLion | The suggested WSL configuration exposed a local SSH server to the internal network (CPP-15063) | Moderate | No fix versions | CWE-276 |
| Documentation | JetBrains GitHub repositories had a world-editable wiki (DOC-6532). Reported by Bogdan Gagea | Moderate | No fix versions | CWE-732 |
| Hub | A user password could appear in the audit events for certain server settings (JPF-7895) | High | 2018.4.11298 | CVE-2019-12847 |
| IntelliJ IDEA | The default configuration for Spring Boot apps was not secure (IDEA-204439) | High | 2018.3.4, 2019.1 | CVE-2019-9186 |
| IntelliJ IDEA | The application server configuration allowed cleartext storage of secrets (IDEA-201519, IDEA-202483, IDEA-203271) | High | 2018.1.8, 2018.2.8, 2018.3.5, 2019.1 | CVE-2019-9872 |
| IntelliJ IDEA | The implementation of storage in the KeePass database was not secure (IDEA-200066) | Low | 2018.3, 2019.1 | CWE-922 |
| IntelliJ IDEA | A certain application server configuration allowed cleartext storage of secrets (IDEA-199911) | Low | 2018.3 | CWE-317 |
| IntelliJ IDEA | A certain application server configuration allowed cleartext storage of secrets (IDEA-203613) | Moderate | 2018.1.8, 2018.2.8, 2018.3.5 | CWE-2019-9823 |
| IntelliJ IDEA | Certain remote server configurations allowed cleartext storage of secrets (IDEA-203272, IDEA-203260, IDEA-206556, IDEA-206557) | High | 2019.1 | CVE-2019-9873 |
| IntelliJ IDEA | The run configuration of certain application servers allowed remote code execution while running the server with the default settings (IDEA-204570) | High | 2018.3.7, 2018.1.8, 2018.2.8, 2018.3.4 | CVE-2019-10103, CVE-2019-10104 |
| JetBrains Account | An open redirect vulnerability via the backUrl parameter was detected (JPF-8899) | Moderate | No fix version | CWE-601 |
| JetBrains Account | An open redirect vulnerability via the backUrl parameter was detected (JPF-8899) | Moderate | No fix version | CWE-444 |
| Kotlin | The JetBrains Kotlin project was resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. | Moderate | 1.3.30 | CVE-2019-10101 |
| Kotlin Plugin | IntelliJ IDEA projects created using the Kotlin IDE template were resolving artifacts using an http connection, potentially allowing an MITM attack. | Moderate | 1.3.30 | CVE-2019-10102 |
| Plugin Marketplace | Some HTTP Security Headers were missing (MP-2004) | Moderate | No fix version | CWE-693 |
| Plugin Marketplace | A reflected XSS was detected (MP-2001) | Moderate | No fix version | CWE-79 |
| Plugin Marketplace | A CSRF vulnerability was detected (MP-2002) | Moderate | No fix version | CWE-352 |
| PyCharm | A certain remote server configuration allowed cleartext storage of secrets (PY-32885) | Moderate | 2018.3.2 | CWE-209 |
| TeamCity | A possible stored JavaScript injection was detected (TW-59419) | Moderate | 2018.2.3 | CVE-2019-12844 |
| TeamCity | The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts (TW-59379) | Moderate | 2018.2.3 | CVE-2019-12845 |
| TeamCity | A possible stored JavaScript injection requiring a deliberate server administrator action was detected (TW-55640) | Moderate | 2018.2.3 | CVE-2019-12843 |
| TeamCity | Incorrect handling of user input in ZIP extraction (TW-57143) | Moderate | 2018.2.2 | CVE-2019-12841 |
| TeamCity | A reflected XSS on a user page was detected (TW-58661) | Moderate | 2018.2.2 | CVE-2019-12842 |
| TeamCity | A user without the required permissions could gain access to some settings (TW-58571) | Moderate | 2018.2.2 | CVE-2019-12846 |
| TeamCity | An SSRF attack was possible on a YouTrack server (JT-51121) | High | 2018.4.49168 | CVE-2019-12852 |
| YouTrack | An Insecure Direct Object Reference was possible (JT-51103) | Low | 2018.4.49168 | CVE-2019-12866 |
| YouTrack | Certain actions could cause privilege escalation for issue attachments (JT-51080) | Moderate | 2018.4.49168 | CVE-2019-12867 |
| YouTrack | A query injection was possible (JT-51105) | Low | 2018.4.49168 | CVE-2019-12850 |
| YouTrack Licensing | An unauthorized disclosure of license details to an attacker #2 was possible (JT-51117) | Low | No fix version | CWE-284 |
| YouTrack Licensing | A reflected XSS was detected (JT-51074) | Low | No fix version | CWE-79 |
| YouTrack | A CSRF vulnerability was detected in one of the admin endpoints (JT-51110) | Moderate | 2018.4.49852 | CVE-2019-12851 |
| YouTrack Integration Plugin | The YouTrack Confluence plugin allowed the SSTI vulnerability (JT-51594) | Moderate | 1.8.1.3 | CVE-2019-10100 |