CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48342
https://notcve.org/view.php?id=CVE-2022-48342
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46831
https://notcve.org/view.php?id=CVE-2022-46831
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators. En JetBrains TeamCity, entre 2022.10 y 2022.10.1, la conexión a AWS mediante la "Cadena de proveedor de credenciales predeterminada" permitió a los administradores de proyectos de TeamCity acceder a los recursos de AWS normalmente limitados a los administradores del sistema de TeamCity. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-453: Insecure Default Variable Initialization CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46830
https://notcve.org/view.php?id=CVE-2022-46830
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. En JetBrains TeamCity entre 2022.10 y 2022.10.1, un endpoint STS personalizado permitía el escaneo de puertos internos. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44646
https://notcve.org/view.php?id=CVE-2022-44646
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings En la versión JetBrains TeamCity anterior a 2022.10, no se agregaron elementos de auditoría al editar la configuración de un usuario • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-223: Omission of Security-relevant Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44623
https://notcve.org/view.php?id=CVE-2022-44623
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings En la versión JetBrains TeamCity anterior a 2022.10, Project Viewer podía ver valores seguros codificados en la configuración de MetaRunner. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •