CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2024-56352
https://notcve.org/view.php?id=CVE-2024-56352
20 Dec 2024 — In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56351
https://notcve.org/view.php?id=CVE-2024-56351
20 Dec 2024 — In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-613: Insufficient Session Expiration •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56350
https://notcve.org/view.php?id=CVE-2024-56350
20 Dec 2024 — In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56349
https://notcve.org/view.php?id=CVE-2024-56349
20 Dec 2024 — In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56348
https://notcve.org/view.php?id=CVE-2024-56348
20 Dec 2024 — In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54158
https://notcve.org/view.php?id=CVE-2024-54158
04 Dec 2024 — In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding En JetBrains YouTrack antes de 2024.3.52635 era posible un posible ataque de suplantación de identidad debido a la falta de codificación Punycode • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-173: Improper Handling of Alternate Encoding •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54157
https://notcve.org/view.php?id=CVE-2024-54157
04 Dec 2024 — In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector En JetBrains YouTrack antes de 2024.3.52635 era posible un ReDoS potencial debido a una RegExp vulnerable en el detector de sintaxis Ruby • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54156
https://notcve.org/view.php?id=CVE-2024-54156
04 Dec 2024 — In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack En JetBrains YouTrack antes de 2024.3.52635, varias funciones de fusión eran vulnerables a ataques de contaminación de prototipos • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54155
https://notcve.org/view.php?id=CVE-2024-54155
04 Dec 2024 — In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication En JetBrains YouTrack antes de 2024.3.51866, un control de acceso incorrecto permitía enumerar nombres de proyectos durante la importación de aplicaciones sin autenticación • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54154
https://notcve.org/view.php?id=CVE-2024-54154
04 Dec 2024 — In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox En JetBrains YouTrack antes de 2024.3.51866, la toma de control del sistema era posible a través del path traversal en el entorno protegido del complemento • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-23: Relative Path Traversal •