CVE-2022-25264
https://notcve.org/view.php?id=CVE-2022-25264
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. En JetBrains TeamCity antes de 2021.2.3, las variables de entorno del tipo "password" podían registrarse en algunos casos. • https://blog.jetbrains.com https://www.jetbrains.com/privacy-security/issues-fixed • CWE-922: Insecure Storage of Sensitive Information •
CVE-2022-24342
https://notcve.org/view.php?id=CVE-2022-24342
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. En JetBrains TeamCity versiones anteriores a 2021.2.1, era posible una inyección de URL que conllevaba a un ataque de tipo CSRF. • https://github.com/yuriisanin/CVE-2022-24342 https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-24341
https://notcve.org/view.php?id=CVE-2022-24341
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user. En JetBrains TeamCity versiones anteriores a 2021.2.1, la edición de una cuenta de usuario para cambiar su contraseña no terminaba las sesiones del usuario editado. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-613: Insufficient Session Expiration •
CVE-2022-24340
https://notcve.org/view.php?id=CVE-2022-24340
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. En JetBrains TeamCity versiones anteriores a 2021.2.1, era posible que se produjera un error de tipo XXE durante el análisis del archivo de configuración. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-24339
https://notcve.org/view.php?id=CVE-2022-24339
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. JetBrains TeamCity versiones anteriores a 2021.2.1 era vulnerable a un ataque de tipo XSS almacenado. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •