CVE-2024-24936
https://notcve.org/view.php?id=CVE-2024-24936
In JetBrains TeamCity before 2023.11.2, access control at the S3 Artifact Storage plugin endpoint was missed. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-285: Improper Authorization
CVE-2024-22370
https://notcve.org/view.php?id=CVE-2024-22370
In JetBrains YouTrack before 2023.3.22666, stored XSS via markdown was possible. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-51655
https://notcve.org/view.php?id=CVE-2023-51655
In JetBrains IntelliJ IDEA before 2023.3.2, code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-345: Insufficient Verification of Data Authenticity • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data
CVE-2023-50871
https://notcve.org/view.php?id=CVE-2023-50871
In JetBrains YouTrack before 2023.3.22268, the authorization check for inline comments inside thread replies was missed. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-285: Improper Authorization
CVE-2023-50870
https://notcve.org/view.php?id=CVE-2023-50870
In JetBrains TeamCity before 2023.11.1, a CSRF on login was possible. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-352: Cross-Site Request Forgery (CSRF)