In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic. Rated low severity (CVSS 2.5). Public exploit code available and no vendor patch available.
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
This affects all versions of package com.squareup:connect. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.