CVE-2022-24342
https://notcve.org/view.php?id=CVE-2022-24342
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. En JetBrains TeamCity versiones anteriores a 2021.2.1, era posible una inyección de URL que conllevaba a un ataque de tipo CSRF. • https://github.com/yuriisanin/CVE-2022-24342 https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-24341
https://notcve.org/view.php?id=CVE-2022-24341
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user. En JetBrains TeamCity versiones anteriores a 2021.2.1, la edición de una cuenta de usuario para cambiar su contraseña no terminaba las sesiones del usuario editado. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-613: Insufficient Session Expiration •
CVE-2022-24340
https://notcve.org/view.php?id=CVE-2022-24340
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. En JetBrains TeamCity versiones anteriores a 2021.2.1, era posible que se produjera un error de tipo XXE durante el análisis del archivo de configuración. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-24339
https://notcve.org/view.php?id=CVE-2022-24339
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. JetBrains TeamCity versiones anteriores a 2021.2.1 era vulnerable a un ataque de tipo XSS almacenado. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-24338
https://notcve.org/view.php?id=CVE-2022-24338
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. JetBrains TeamCity versiones anteriores a 2021.2.1 era vulnerable a un ataque de tipo XSS reflejado. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •