Page 13 of 195 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-266: Incorrect Privilege Assignment •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •