CVE-2022-48342
https://notcve.org/view.php?id=CVE-2022-48342
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-1188: Initialization of a Resource with an Insecure Default •
CVE-2022-46831
https://notcve.org/view.php?id=CVE-2022-46831
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators. En JetBrains TeamCity, entre 2022.10 y 2022.10.1, la conexión a AWS mediante la "Cadena de proveedor de credenciales predeterminada" permitió a los administradores de proyectos de TeamCity acceder a los recursos de AWS normalmente limitados a los administradores del sistema de TeamCity. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-453: Insecure Default Variable Initialization CWE-1188: Initialization of a Resource with an Insecure Default •
CVE-2022-46830
https://notcve.org/view.php?id=CVE-2022-46830
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. En JetBrains TeamCity entre 2022.10 y 2022.10.1, un endpoint STS personalizado permitía el escaneo de puertos internos. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-44622
https://notcve.org/view.php?id=CVE-2022-44622
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive En la versión JetBrains TeamCity entre 2021.2 y 2022.10, los permisos de acceso para elementos de estado de tokens seguros eran excesivos • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-284: Improper Access Control •
CVE-2022-44624
https://notcve.org/view.php?id=CVE-2022-44624
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters En la versión JetBrains TeamCity anterior a 2022.10, los parámetros de contraseña podían quedar expuestos en el registro de compilación si contenían caracteres especiales. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-532: Insertion of Sensitive Information into Log File •