CVE-2024-24936
https://notcve.org/view.php?id=CVE-2024-24936
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed En JetBrains TeamCity antes de 2023.11.2, se omitía el control de acceso en el endpoint del complemento S3 Artifact Storage • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-285: Improper Authorization •
CVE-2023-50870
https://notcve.org/view.php?id=CVE-2023-50870
In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible En JetBrains TeamCity antes de 2023.11.1 era posible un CSRF al iniciar sesión • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-43566
https://notcve.org/view.php?id=CVE-2023-43566
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration En JetBrains TeamCity antes de 2023.05.4, era posible almacenar XSS durante la configuración de los nodos • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-42793 – JetBrains TeamCity Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-42793
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible En JetBrains TeamCity antes de la versión 2023.05.4, era posible omitir la autenticación que conducía a RCE en TeamCity Server JetBrains TeamCity version 2023.05.3 suffers from a remote code execution vulnerability. JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server. • https://www.exploit-db.com/exploits/51884 https://github.com/H454NSec/CVE-2023-42793 https://github.com/Zyad-Elsayed/CVE-2023-42793 https://github.com/junnythemarksman/CVE-2023-42793 https://github.com/Zenmovie/CVE-2023-42793 https://github.com/hotplugin0x01/CVE-2023-42793 https://github.com/HusenjanDev/CVE-2023-42793 https://github.com/FlojBoj/CVE-2023-42793 https://github.com/whoamins/CVE-2023-42793 http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote& • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2023-41250
https://notcve.org/view.php?id=CVE-2023-41250
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration En TeamCity de JetBrains antes de 2023.05.3 era posible realizar un Cross-Site Scripting (XSS) Reflejado durante el registro de usuario. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •