CVE-2022-29929
https://notcve.org/view.php?id=CVE-2022-29929
In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible En JetBrains TeamCity versiones anteriores a 2022.04, era posible un potencial ataque de tipo XSS por medio del encabezado Referrer • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-29928
https://notcve.org/view.php?id=CVE-2022-29928
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible En JetBrains TeamCity versiones anteriores a 2022.04, era posible una filtración de secretos en los registros del agente de TeamCity • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-29927
https://notcve.org/view.php?id=CVE-2022-29927
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible En JetBrains TeamCity versiones anteriores a 2022.04, era posible un ataque de tipo XSS reflejado en la página Build Chain Status • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-25261
https://notcve.org/view.php?id=CVE-2022-25261
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. JetBrains TeamCity antes de 2021.2.2, era vulnerable a un ataque de tipo XSS reflejado. • https://blog.jetbrains.com https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-25263
https://notcve.org/view.php?id=CVE-2022-25263
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. JetBrains TeamCity antes de 2021.2.3, era vulnerable a una inyección de comandos del Sistema Operativo en la configuración de la función Agent Push. • https://blog.jetbrains.com https://www.jetbrains.com/privacy-security/issues-fixed • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •