CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45613
https://notcve.org/view.php?id=CVE-2023-45613
In JetBrains Ktor before 2.3.5 server certificates were not verified En JetBrains Ktor anterior a 2.3.5, los certificados de servidor no se verificaban • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45612
https://notcve.org/view.php?id=CVE-2023-45612
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE En JetBrains Ktor anterior a 2.3.5, la configuración predeterminada de ContentNegotiation con formato XML era vulnerable a XXE • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43566
https://notcve.org/view.php?id=CVE-2023-43566
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration En JetBrains TeamCity antes de 2023.05.4, era posible almacenar XSS durante la configuración de los nodos • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 97%CPEs: 1EXPL: 10CVE-2023-42793 – JetBrains TeamCity Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-42793
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible En JetBrains TeamCity antes de la versión 2023.05.4, era posible omitir la autenticación que conducía a RCE en TeamCity Server JetBrains TeamCity version 2023.05.3 suffers from a remote code execution vulnerability. JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server. • https://www.exploit-db.com/exploits/51884 https://github.com/H454NSec/CVE-2023-42793 https://github.com/Zyad-Elsayed/CVE-2023-42793 https://github.com/junnythemarksman/CVE-2023-42793 https://github.com/Zenmovie/CVE-2023-42793 https://github.com/hotplugin0x01/CVE-2023-42793 https://github.com/HusenjanDev/CVE-2023-42793 https://github.com/FlojBoj/CVE-2023-42793 https://github.com/whoamins/CVE-2023-42793 http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote& • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41250
https://notcve.org/view.php?id=CVE-2023-41250
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration En TeamCity de JetBrains antes de 2023.05.3 era posible realizar un Cross-Site Scripting (XSS) Reflejado durante el registro de usuario. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •