CVE-2024-36377
https://notcve.org/view.php?id=CVE-2024-36377
In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions En JetBrains TeamCity antes de 2024.03.2, ciertos endpoints de la API de TeamCity no verificaban los permisos de usuario • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVE-2024-36376
https://notcve.org/view.php?id=CVE-2024-36376
In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions En JetBrains TeamCity antes de 2024.03.2, los usuarios podían realizar acciones que no deberían estar disponibles para ellos según sus permisos. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVE-2024-36375
https://notcve.org/view.php?id=CVE-2024-36375
In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed En JetBrains TeamCity antes de 2024.03.2, la información técnica sobre el servidor TeamCity podría estar expuesta • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2024-36374
https://notcve.org/view.php?id=CVE-2024-36374
In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible En JetBrains TeamCity antes de 2024.03.2 era posible XSS almacenado a través de la configuración de pasos de compilación • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-36373
https://notcve.org/view.php?id=CVE-2024-36373
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible En JetBrains TeamCity antes de 2024.03.2, era posible varios XSS almacenados en configuraciones de compilaciones que no eran de confianza • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •