In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.
In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence.
JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports.
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.