Search criteria
8 vulnerabilities found for ReSharper by JetBrains
FKIE_CVE-2025-64456
Vulnerability from fkie_nvd - Published: 2025-11-10 14:15 - Updated: 2025-11-20 19:56
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation
References
| URL | Tags | ||
|---|---|---|---|
| cve@jetbrains.com | https://www.jetbrains.com/privacy-security/issues-fixed/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jetbrains:resharper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE78C14C-6BDA-4DE9-982B-907BFC877DEA",
"versionEndExcluding": "2025.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation"
},
{
"lang": "es",
"value": "En JetBrains ReSharper antes de 2025.2.4, la falta de verificaci\u00f3n de firma en DPA Collector permite la escalada de privilegios local."
}
],
"id": "CVE-2025-64456",
"lastModified": "2025-11-20T19:56:27.110",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 5.8,
"source": "cve@jetbrains.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-10T14:15:43.083",
"references": [
{
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"sourceIdentifier": "cve@jetbrains.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "cve@jetbrains.com",
"type": "Primary"
}
]
}
FKIE_CVE-2019-16407
Vulnerability from fkie_nvd - Published: 2019-10-02 19:15 - Updated: 2024-11-21 04:30
Severity ?
Summary
JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jetbrains:resharper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F6B1BB9-4165-4ED9-8BBE-25117A44E464",
"versionEndExcluding": "2019.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability."
},
{
"lang": "es",
"value": "Los instaladores de JetBrains ReSharper para versiones anteriores a 2019.2, presentaban una vulnerabilidad de Secuestro de DLL."
}
],
"id": "CVE-2019-16407",
"lastModified": "2024-11-21T04:30:39.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-02T19:15:15.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-64456 (GCVE-0-2025-64456)
Vulnerability from cvelistv5 – Published: 2025-11-10 13:28 – Updated: 2025-11-11 04:55
VLAI?
Summary
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation
Severity ?
8.4 (High)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64456",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T04:55:34.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ReSharper",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.2.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T13:28:03.624Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64456",
"datePublished": "2025-11-10T13:28:03.624Z",
"dateReserved": "2025-11-04T14:34:01.215Z",
"dateUpdated": "2025-11-11T04:55:34.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-23385 (GCVE-0-2025-23385)
Vulnerability from cvelistv5 – Published: 2025-01-28 16:01 – Updated: 2025-01-28 16:26
VLAI?
Summary
In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible
Severity ?
7.8 (High)
CWE
- CWE-114 - Process Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| JetBrains | ReSharper |
Affected:
2024.3 , < 2024.3.4
(semver)
Affected: 2024.2 , < 2024.2.8 (semver) Affected: 0 , < 2024.1.7 (semver) |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T16:25:22.095430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:26:10.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ReSharper",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.3.4",
"status": "affected",
"version": "2024.3",
"versionType": "semver"
},
{
"lessThan": "2024.2.8",
"status": "affected",
"version": "2024.2",
"versionType": "semver"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Rider",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.3.4",
"status": "affected",
"version": "2024.3",
"versionType": "semver"
},
{
"lessThan": "2024.2.8",
"status": "affected",
"version": "2024.2",
"versionType": "semver"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "dotTrace",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.3.4",
"status": "affected",
"version": "2024.3",
"versionType": "semver"
},
{
"lessThan": "2024.2.8",
"status": "affected",
"version": "2024.2",
"versionType": "semver"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ETW Host Service",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "16.43",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-114",
"description": "CWE-114: Process Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:01:55.084Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-23385",
"datePublished": "2025-01-28T16:01:55.084Z",
"dateReserved": "2025-01-15T11:51:10.292Z",
"dateUpdated": "2025-01-28T16:26:10.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16407 (GCVE-0-2019-16407)
Vulnerability from cvelistv5 – Published: 2019-10-02 18:11 – Updated: 2024-08-05 01:17
VLAI?
Summary
JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:17:39.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-02T18:11:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/",
"refsource": "MISC",
"url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16407",
"datePublished": "2019-10-02T18:11:42",
"dateReserved": "2019-09-18T00:00:00",
"dateUpdated": "2024-08-05T01:17:39.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-64456 (GCVE-0-2025-64456)
Vulnerability from nvd – Published: 2025-11-10 13:28 – Updated: 2025-11-11 04:55
VLAI?
Summary
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation
Severity ?
8.4 (High)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64456",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T04:55:34.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ReSharper",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.2.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T13:28:03.624Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64456",
"datePublished": "2025-11-10T13:28:03.624Z",
"dateReserved": "2025-11-04T14:34:01.215Z",
"dateUpdated": "2025-11-11T04:55:34.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-23385 (GCVE-0-2025-23385)
Vulnerability from nvd – Published: 2025-01-28 16:01 – Updated: 2025-01-28 16:26
VLAI?
Summary
In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible
Severity ?
7.8 (High)
CWE
- CWE-114 - Process Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| JetBrains | ReSharper |
Affected:
2024.3 , < 2024.3.4
(semver)
Affected: 2024.2 , < 2024.2.8 (semver) Affected: 0 , < 2024.1.7 (semver) |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T16:25:22.095430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:26:10.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ReSharper",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.3.4",
"status": "affected",
"version": "2024.3",
"versionType": "semver"
},
{
"lessThan": "2024.2.8",
"status": "affected",
"version": "2024.2",
"versionType": "semver"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Rider",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.3.4",
"status": "affected",
"version": "2024.3",
"versionType": "semver"
},
{
"lessThan": "2024.2.8",
"status": "affected",
"version": "2024.2",
"versionType": "semver"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "dotTrace",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.3.4",
"status": "affected",
"version": "2024.3",
"versionType": "semver"
},
{
"lessThan": "2024.2.8",
"status": "affected",
"version": "2024.2",
"versionType": "semver"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ETW Host Service",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "16.43",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-114",
"description": "CWE-114: Process Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:01:55.084Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-23385",
"datePublished": "2025-01-28T16:01:55.084Z",
"dateReserved": "2025-01-15T11:51:10.292Z",
"dateUpdated": "2025-01-28T16:26:10.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16407 (GCVE-0-2019-16407)
Vulnerability from nvd – Published: 2019-10-02 18:11 – Updated: 2024-08-05 01:17
VLAI?
Summary
JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:17:39.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-02T18:11:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/",
"refsource": "MISC",
"url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16407",
"datePublished": "2019-10-02T18:11:42",
"dateReserved": "2019-09-18T00:00:00",
"dateUpdated": "2024-08-05T01:17:39.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}