CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50573
https://notcve.org/view.php?id=CVE-2024-50573
In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49580
https://notcve.org/view.php?id=CVE-2024-49580
In JetBrains Ktor before 3.0.0 improper caching in HttpCache Plugin could lead to response information disclosure • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49579
https://notcve.org/view.php?id=CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48902
https://notcve.org/view.php?id=CVE-2024-48902
In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47951
https://notcve.org/view.php?id=CVE-2024-47951
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •