CVE-2023-34218
https://notcve.org/view.php?id=CVE-2023-34218
In JetBrains TeamCity before 2023.05, a bypass of permission checks that allowed admin actions to be performed was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization
CVE-2022-48481
https://notcve.org/view.php?id=CVE-2022-48481
In JetBrains Toolbox App before 1.28, a DYLIB injection on macOS was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-691: Insufficient Control Flow Management
CVE-2022-48477
https://notcve.org/view.php?id=CVE-2022-48477
In JetBrains Hub before 2023.1.15725, SSRF protection in Auth Module integration was missing • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2022-48476
https://notcve.org/view.php?id=CVE-2022-48476
In JetBrains Ktor before 2.3.0, path traversal in the `resolveResource` method was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-35: Path Traversal: '.../
CVE-2022-48435
https://notcve.org/view.php?id=CVE-2022-48435
In JetBrains PhpStorm before 2023.1, source code could be logged in the local idea.log file • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-532: Insertion of Sensitive Information into Log File