CVE-2022-48342
https://notcve.org/view.php?id=CVE-2022-48342
In JetBrains TeamCity before 2022.10.2 JVMTI was enabled by default on agents. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-1188: Initialization of a Resource with an Insecure Default •
CVE-2022-47896
https://notcve.org/view.php?id=CVE-2022-47896
In JetBrains IntelliJ IDEA before 2022.3.1 code templates were vulnerable to SSTI attacks. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVE-2022-47895
https://notcve.org/view.php?id=CVE-2022-47895
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2022-46831
https://notcve.org/view.php?id=CVE-2022-46831
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-453: Insecure Default Variable Initialization CWE-1188: Initialization of a Resource with an Insecure Default •
CVE-2022-46830
https://notcve.org/view.php?id=CVE-2022-46830
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-918: Server-Side Request Forgery (SSRF) •