CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56354
https://notcve.org/view.php?id=CVE-2024-56354
20 Dec 2024 — In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56353
https://notcve.org/view.php?id=CVE-2024-56353
20 Dec 2024 — In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56352
https://notcve.org/view.php?id=CVE-2024-56352
20 Dec 2024 — In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56351
https://notcve.org/view.php?id=CVE-2024-56351
20 Dec 2024 — In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-613: Insufficient Session Expiration •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56350
https://notcve.org/view.php?id=CVE-2024-56350
20 Dec 2024 — In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56349
https://notcve.org/view.php?id=CVE-2024-56349
20 Dec 2024 — In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56348
https://notcve.org/view.php?id=CVE-2024-56348
20 Dec 2024 — In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47951
https://notcve.org/view.php?id=CVE-2024-47951
08 Oct 2024 — In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47950
https://notcve.org/view.php?id=CVE-2024-47950
08 Oct 2024 — In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47949
https://notcve.org/view.php?id=CVE-2024-47949
08 Oct 2024 — In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-23: Relative Path Traversal •