Page 21 of 175 results (0.009 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. En JetBrains TeamCity versiones anteriores a 2021.2.1, era posible una inyección de URL que conllevaba a un ataque de tipo CSRF. • https://github.com/yuriisanin/CVE-2022-24342 https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user. En JetBrains TeamCity versiones anteriores a 2021.2.1, la edición de una cuenta de usuario para cambiar su contraseña no terminaba las sesiones del usuario editado. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-613: Insufficient Session Expiration •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. En JetBrains TeamCity versiones anteriores a 2021.2.1, era posible que se produjera un error de tipo XXE durante el análisis del archivo de configuración. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. JetBrains TeamCity versiones anteriores a 2021.2.1 era vulnerable a un ataque de tipo XSS almacenado. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. JetBrains TeamCity versiones anteriores a 2021.2.1 era vulnerable a un ataque de tipo XSS reflejado. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •