CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24461
https://notcve.org/view.php?id=CVE-2025-24461
21 Jan 2025 — In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24460
https://notcve.org/view.php?id=CVE-2025-24460
21 Jan 2025 — In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24459
https://notcve.org/view.php?id=CVE-2025-24459
21 Jan 2025 — In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24458
https://notcve.org/view.php?id=CVE-2025-24458
21 Jan 2025 — In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24457
https://notcve.org/view.php?id=CVE-2025-24457
21 Jan 2025 — In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24456
https://notcve.org/view.php?id=CVE-2025-24456
21 Jan 2025 — In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56356
https://notcve.org/view.php?id=CVE-2024-56356
20 Dec 2024 — In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2024-56355
https://notcve.org/view.php?id=CVE-2024-56355
20 Dec 2024 — In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56354
https://notcve.org/view.php?id=CVE-2024-56354
20 Dec 2024 — In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56353
https://notcve.org/view.php?id=CVE-2024-56353
20 Dec 2024 — In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •