CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39173
https://notcve.org/view.php?id=CVE-2023-39173
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-266: Incorrect Privilege Assignment •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38069
https://notcve.org/view.php?id=CVE-2023-38069
In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38068
https://notcve.org/view.php?id=CVE-2023-38068
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-799: Improper Control of Interaction Frequency •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38067
https://notcve.org/view.php?id=CVE-2023-38067
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38066
https://notcve.org/view.php?id=CVE-2023-38066
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •