
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

In JetBrains TeamCity before 2022.10.2, JVMTI was enabled by default on agents. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-1188: Initialization of a Resource with an Insecure Default

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

In JetBrains IntelliJ IDEA before 2022.3.1, code templates were vulnerable to SSTI attacks. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

In JetBrains IntelliJ IDEA before 2022.3.1, the "Validate JSP File" action used the HTTP protocol to download required JAR files. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 6.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

In JetBrains TeamCity between 2022.10 and 2022.10.1, connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-453: Insecure Default Variable Initialization • CWE-1188: Initialization of a Resource with an Insecure Default

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

In JetBrains TeamCity between 2022.10 and 2022.10.1, a custom STS endpoint allowed internal port scanning. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-918: Server-Side Request Forgery (SSRF)