CVE-2022-24347
https://notcve.org/view.php?id=CVE-2022-24347
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. • https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-24346
https://notcve.org/view.php?id=CVE-2022-24346
In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. • https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021
CVE-2022-24345
https://notcve.org/view.php?id=CVE-2022-24345
In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible. • https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021
CVE-2022-24344
https://notcve.org/view.php?id=CVE-2022-24344
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. • https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-24343
https://notcve.org/view.php?id=CVE-2022-24343
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. • https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-276: Incorrect Default Permissions