CVSS: 5.5EPSS: 5%CPEs: 1EXPL: 0CVE-2022-48428
https://notcve.org/view.php?id=CVE-2022-48428
27 Mar 2023 — In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48427
https://notcve.org/view.php?id=CVE-2022-48427
27 Mar 2023 — In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48426
https://notcve.org/view.php?id=CVE-2022-48426
27 Mar 2023 — In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48344
https://notcve.org/view.php?id=CVE-2022-48344
23 Feb 2023 — In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 6%CPEs: 1EXPL: 0CVE-2022-48343
https://notcve.org/view.php?id=CVE-2022-48343
23 Feb 2023 — In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48342
https://notcve.org/view.php?id=CVE-2022-48342
23 Feb 2023 — In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46831
https://notcve.org/view.php?id=CVE-2022-46831
08 Dec 2022 — In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators. En JetBrains TeamCity, entre 2022.10 y 2022.10.1, la conexión a AWS mediante la "Cadena de proveedor de credenciales predeterminada" permitió a los administradores de proyectos de TeamCity acceder a los recursos de AWS normalmente limitados a los administradores del sistema de Te... • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-453: Insecure Default Variable Initialization CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46830
https://notcve.org/view.php?id=CVE-2022-46830
08 Dec 2022 — In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. En JetBrains TeamCity entre 2022.10 y 2022.10.1, un endpoint STS personalizado permitía el escaneo de puertos internos. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44646
https://notcve.org/view.php?id=CVE-2022-44646
03 Nov 2022 — In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings En la versión JetBrains TeamCity anterior a 2022.10, no se agregaron elementos de auditoría al editar la configuración de un usuario • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-223: Omission of Security-relevant Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44622
https://notcve.org/view.php?id=CVE-2022-44622
03 Nov 2022 — In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive En la versión JetBrains TeamCity entre 2021.2 y 2022.10, los permisos de acceso para elementos de estado de tokens seguros eran excesivos • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-284: Improper Access Control •