CVE-2024-47160
https://notcve.org/view.php?id=CVE-2024-47160
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVE-2024-47159
https://notcve.org/view.php?id=CVE-2024-47159
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVE-2024-46970
https://notcve.org/view.php?id=CVE-2024-46970
In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible En JetBrains IntelliJ IDEA antes de 2024.1 era posible la inyección de HTML a través del nombre del proyecto • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-43810
https://notcve.org/view.php?id=CVE-2024-43810
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-43809
https://notcve.org/view.php?id=CVE-2024-43809
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •