CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41826
https://notcve.org/view.php?id=CVE-2024-41826
22 Jul 2024 — In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page En JetBrains TeamCity antes de 2024.07, era posible el XSS almacenado en la página Show Connection • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 36%CPEs: 1EXPL: 0CVE-2024-41825
https://notcve.org/view.php?id=CVE-2024-41825
22 Jul 2024 — In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab En JetBrains TeamCity antes de 2024.07, era posible el XSS almacenado en la pestaña Code Inspection • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41824
https://notcve.org/view.php?id=CVE-2024-41824
22 Jul 2024 — In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases En JetBrains TeamCity antes de 2024.07, los parámetros del tipo "password" podían filtrarse en el registro de compilación en algunos casos específicos. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39879
https://notcve.org/view.php?id=CVE-2024-39879
01 Jul 2024 — In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings En JetBrains TeamCity antes de 2024.03.3, el token de aplicación podía exponerse en la configuración del perfil de nube EC2 • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39878
https://notcve.org/view.php?id=CVE-2024-39878
01 Jul 2024 — In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection En JetBrains TeamCity antes de 2024.03.3, la clave privada podía exponerse mediante la prueba de conexión de la aplicación GitHub • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36470
https://notcve.org/view.php?id=CVE-2024-36470
29 May 2024 — In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases En JetBrains TeamCity antes de 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 la omisión de autenticación era posible en casos extremos específicos • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36378
https://notcve.org/view.php?id=CVE-2024-36378
29 May 2024 — In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens En JetBrains TeamCity antes de 2024.03.2, el servidor era susceptible a ataques DoS con tokens de autenticación incorrectos • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36377
https://notcve.org/view.php?id=CVE-2024-36377
29 May 2024 — In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions En JetBrains TeamCity antes de 2024.03.2, ciertos endpoints de la API de TeamCity no verificaban los permisos de usuario • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36376
https://notcve.org/view.php?id=CVE-2024-36376
29 May 2024 — In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions En JetBrains TeamCity antes de 2024.03.2, los usuarios podían realizar acciones que no deberían estar disponibles para ellos según sus permisos. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36375
https://notcve.org/view.php?id=CVE-2024-36375
29 May 2024 — In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed En JetBrains TeamCity antes de 2024.03.2, la información técnica sobre el servidor TeamCity podría estar expuesta • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-209: Generation of Error Message Containing Sensitive Information •