CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43809
https://notcve.org/view.php?id=CVE-2024-43809
16 Aug 2024 — In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43808
https://notcve.org/view.php?id=CVE-2024-43808
16 Aug 2024 — In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43807
https://notcve.org/view.php?id=CVE-2024-43807
16 Aug 2024 — In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43114
https://notcve.org/view.php?id=CVE-2024-43114
06 Aug 2024 — In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41829
https://notcve.org/view.php?id=CVE-2024-41829
22 Jul 2024 — In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection En JetBrains TeamCity antes de 2024.07, se podía robar un código OAuth para JetBrains Space a través de la conexión de Space Application. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41828
https://notcve.org/view.php?id=CVE-2024-41828
22 Jul 2024 — In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time En JetBrains TeamCity antes de 2024.07, la comparación de tokens de autorización no llevaba un tiempo constante • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-208: Observable Timing Discrepancy •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41827
https://notcve.org/view.php?id=CVE-2024-41827
22 Jul 2024 — In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration En JetBrains TeamCity antes de 2024.07, los tokens de acceso podían seguir funcionando después de su eliminación o vencimiento • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-613: Insufficient Session Expiration •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41826
https://notcve.org/view.php?id=CVE-2024-41826
22 Jul 2024 — In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page En JetBrains TeamCity antes de 2024.07, era posible el XSS almacenado en la página Show Connection • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41825
https://notcve.org/view.php?id=CVE-2024-41825
22 Jul 2024 — In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab En JetBrains TeamCity antes de 2024.07, era posible el XSS almacenado en la pestaña Code Inspection • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41824
https://notcve.org/view.php?id=CVE-2024-41824
22 Jul 2024 — In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases En JetBrains TeamCity antes de 2024.07, los parámetros del tipo "password" podían filtrarse en el registro de compilación en algunos casos específicos. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-532: Insertion of Sensitive Information into Log File •